Report shows holes in cybersecurity plan

A report sent to a House oversight committee last month details the Homeland Security Department's progress in implementing the national cybersecurity strategy issued early last year.

The 35-page report, sent in reply to a request by the House Homeland Security Committee for a detailed account of the strategy's implementation, shows both progress and remaining work. There has been no formal progress report from the Bush administration since the strategy's release in January 2003.

The report also breaks down the fiscal 2005 funding request for each item. The department's National Cyber Security Division is leading the implementation.

The report shows that an assessment of vulnerabilities to critical infrastructures long sought by Congress is targeted for 2005, with a process for assessing Internet weaknesses due later this year.

Perhaps the most touted accomplishment in the report is the establishment of a public-private structure for responding to national-level cyber incidents by designating the U.S. Computer Emergency Readiness Team (US-CERT) as the department's cybersecurity operational body. US-CERT, a long-respected operation at Carnegie-Mellon University, launched a national cyber-alert system in January.

US-CERT now includes the former Federal Computer Incident Response Center (FedCIRC) transferred to Homeland Security from the General Services Administration. This summer, it is launching a private-public partnership involving the panorama of stakeholders in the critical infrastructure community, and this year the center will update various aspects of a "partner portal," a secure Web site for coordination and information sharing.

Work remains on an "ambitious and necessary" mandate in the strategy to develop a round-the-clock cyber-response center, the department said. "There exist a number of active and planned projects within the [cybersecurity division] to locate and combine the correct mix of people, processes and technology needed to create this capability," the report said. For instance, a new "watch center" combining various functions is being built for early next year.

The department is expanding the Critical Infrastructure Warning Information Network (CWIN), a private communications network for voice and data with no dependence on the Internet or public network. CWIN terminals have been installed in key government and industry network centers and in a United Kingdom facility. Other extensions are underway in the project, for which $12.8 million is requested for fiscal 2005.

The Cyber Interagency Incident Management Group, created to coordinate intra-governmental preparedness and response operations, was created after the Livewire simulated terrorist attack exercise in October 2003. A compromise amendment to the Homeland Security appropriations bill on the Senate floor this week would move more funding within the cybersecurity division's budget to cyber exercises, increasing that item from $1.85 million to $3.5 million, according to an administration official.

The report describes a number of active exercises nationwide.

The report also identifies issues related to: overcoming private-sector reluctance to share proprietary information with the government, authenticating electronic transactions, improving the security of government work "outsourced" to the private sector, securing wireless networks, improving state and local information sharing and analysis centers, and enhancing the ability to identify sources of cyber attacks.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.