[Infowarrior] - Senator blasts Homeland Security's Net efforts

Fri Jul 28 15:18:09 EDT 2006

Senator blasts Homeland Security's Net efforts

By Anne Broache
http://news.com.com/Senator+blasts+Homeland+Securitys+Net+efforts/2100-7348_
3-6099753.html

Story last modified Fri Jul 28 11:31:39 PDT 2006

advertisement

WASHINGTON--A Republican senator on Friday blasted the U.S. Department of
Homeland Security's readiness for a massive cyberattack, saying he hasn't
seen any improvements since bringing in department officials for questioning
last summer.

"Despite spending millions of dollars over the past year, DHS continues to
struggle with how to effectively form and maintain effective public-private
partnerships in support of cybersecurity," Sen. Tom Coburn of Oklahoma said
at a hearing convened by a Senate Homeland Security subcommittee, of which
he is chairman.

Coburn, the only politician present at the 90-minute hearing, grilled top
computer security officials from Homeland Security, the National Security
Agency, the Office of Management and Budget, and the Government
Accountability Office (GAO). He also asked private-sector companies for
suggestions for government action.

The Oklahoma senator joined industry groups and congressional colleagues in
chiding the agency for failing to appoint a high-level cybersecurity chief
one year after the post's creation. He said having a strong leader in charge
is critically important to defend against a crippling cyberattack that could
take out not only e-commerce and communications capacities, but also
"electrical transformers, chemical systems and pipelines" controlled by
computers.

"There's going to be an assistant secretary (for cybersecurity and
telecommunications), I promise you, even if we have to raise the salary for
the position," he said.

Homeland Security's top cybersecurity post has remained a low- to mid-level
position ever since Congress passed a 2002 law that melded 22 federal
agencies and made the department chiefly responsible for protecting
cyberspace. Numerous audits have faulted the sprawling cabinet department
for its lack of readiness to handle large-scale attacks and for shortcomings
on its internal networks.

That blistering critique continued on Friday with a new GAO report, which
accused Homeland Security of failing to finalize clear plans that detail the
responsibilities of state and local governments, other federal agencies and
the private sector before, during and after Internet disruptions. "Today, no
such plan exists" despite a federal mandate to devise one, Keith Rhodes, the
GAO's chief technologist, told the committee.

DHS Undersecretary of Preparedness George Foresman acknowledged that his
department still has much to accomplish, but he suggested the federal
auditors' assessment "is much bleaker than what is the actual progress to
date."

Government officials have been meeting with corporations from vulnerable
industries through committees and working groups, the official said, and the
department conducted its first major cybersecurity exercise in February,
with plans to release a report on lessons learned in the near future. "These
lessons, like those of Katrina, will not sit idle," Foresman said.

Coburn questioned why Homeland Security has not let private companies take
on an even greater role in devising policy. "It just seems to me that if 75
percent of (the nation's infrastructure) is private-sector owned, your
bottom line depends on this staying up and working...Why don't you tell us
what to do?" he asked.

"That's exactly what we're doing," Foresman responded, though he
acknowledged it's challenging to work with companies that don't always trust
the government with proprietary information that could aid their
competitors.

An icy Coburn also couldn't resist taking a jab at DHS officials on another
front: He said the agency's prepared testimony for the Friday hearing didn't
arrive at his office until late Thursday night, despite receiving notice of
the event on June 12. The last-minute submission speaks volumes, he said,
providing "an example of exactly what's happening in DHS on cybersecurity."

Foresman, for his part, assured the senator that the tardiness will not
occur in the future and added, "By no means were we trying not to get
information to you."