Report shows holes in cybersecurity plan

A report sent to a House oversight committee last month details the Homeland Security Department's progress in implementing the national cybersecurity strategy issued early last year.

The 35-page report, sent in reply to a request by the House Homeland Security Committee for a detailed account of the strategy's implementation, shows both progress and remaining work. There has been no formal progress report from the Bush administration since the strategy's release in January 2003.

The report also breaks down the fiscal 2005 funding request for each item. The department's National Cyber Security Division is leading the implementation.

The report shows that an assessment of vulnerabilities to critical infrastructures long sought by Congress is targeted for 2005, with a process for assessing Internet weaknesses due later this year.

Perhaps the most touted accomplishment in the report is the establishment of a public-private structure for responding to national-level cyber incidents by designating the U.S. Computer Emergency Readiness Team (US-CERT) as the department's cybersecurity operational body. US-CERT, a long-respected operation at Carnegie-Mellon University, launched a national cyber-alert system in January.

US-CERT now includes the former Federal Computer Incident Response Center (FedCIRC) transferred to Homeland Security from the General Services Administration. This summer, it is launching a private-public partnership involving the panorama of stakeholders in the critical infrastructure community, and this year the center will update various aspects of a "partner portal," a secure Web site for coordination and information sharing.

Work remains on an "ambitious and necessary" mandate in the strategy to develop a round-the-clock cyber-response center, the department said. "There exist a number of active and planned projects within the [cybersecurity division] to locate and combine the correct mix of people, processes and technology needed to create this capability," the report said. For instance, a new "watch center" combining various functions is being built for early next year.

The department is expanding the Critical Infrastructure Warning Information Network (CWIN), a private communications network for voice and data with no dependence on the Internet or public network. CWIN terminals have been installed in key government and industry network centers and in a United Kingdom facility. Other extensions are underway in the project, for which $12.8 million is requested for fiscal 2005.

The Cyber Interagency Incident Management Group, created to coordinate intra-governmental preparedness and response operations, was created after the Livewire simulated terrorist attack exercise in October 2003. A compromise amendment to the Homeland Security appropriations bill on the Senate floor this week would move more funding within the cybersecurity division's budget to cyber exercises, increasing that item from $1.85 million to $3.5 million, according to an administration official.

The report describes a number of active exercises nationwide.

The report also identifies issues related to: overcoming private-sector reluctance to share proprietary information with the government, authenticating electronic transactions, improving the security of government work "outsourced" to the private sector, securing wireless networks, improving state and local information sharing and analysis centers, and enhancing the ability to identify sources of cyber attacks.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care


When you download a report, your information may be shared with the underwriters of that document.