Homeland Security Department's work on cybersecurity questioned

Lawmakers on Tuesday questioned Homeland Security Department officials about their efforts to better protect the nation's critical infrastructure while expanding the department's information technology architecture.

Texas Republican Mac Thornberry, chairman of the House Homeland Security Subcommittee on Cyber Security, said that while he is "pleased" the department acknowledged the need to consolidate the nation's cyber mission when it created a division on the issue last summer, he expressed concern that "many of the cyber-security resources within the department remain fragmented and have not been integrated" under the division.

Democrats on the panel questioned whether the department is deploying "concrete" cyber-security initiatives under the division.

In an opening statement, Texan Jim Turner, ranking Democrat on the full committee, noted that Robert Liscouski, the assistant secretary for infrastructure protection, told the subcommittee six months ago that the department was undertaking "significant initiatives to further our country's efforts to secure cyberspace and prepare and respond to network attacks."

But Turner added that the cyber-security initiatives that have been unveiled "have not gotten us much further than we were before the creation of the department." California Democrat Zoe Lofgren echoed his comments. "I'm not convinced [cyber security] is a priority in the department, and I'm troubled by the lack of concrete cyber-security initiatives," she said.

Liscouski said in his testimony that the almost one-year-old national cyber-security unit is a critical component to preventing and responding to a cyber attack.

The division "is building a significant team of technical and security experts and determining the infrastructure it needs in support of its numerous initiatives toward greater national cyber security," he said. Under President Bush's fiscal 2005 budget proposal, the division would receive $75 million for priorities outlined in the cyber-security strategy released last February.

Addressing the department's technology framework, Washington Republican Jennifer Dunn, vice chairwoman of the full committee, asked Steven Cooper, Homeland Security's chief information officer, whether the department leveraged investments on new security initiatives -- such as its system to track foreign visitors entering and exiting the country -- against its plans to build an enterprise architecture for the department.

Cooper said that as a member of the advisory board on the immigrant-tracking system, as well as other major new programs, he works to ensure that infrastructure systems are compatible with the overarching architecture. The department plans to complete work on its second version of the enterprise architecture in late 2004. "This work will develop additional detail around the target architecture and enhance the transition strategy," Cooper said.

He also assured lawmakers that officials are fixing problems with other agencies' computer systems before integrating them into the department-wide network.

Turner, however, expressed concern about the department's efforts to "build robust information technology systems" and secure "its own internal networks." He said an official stated last week that e-mail within the department "can't get passed to people in the same office" and that "it takes hours for an e-mail to bounce around the department to reach its destination."