Report shows holes in cybersecurity plan

A report sent to a House oversight committee last month details the Homeland Security Department's progress in implementing the national cybersecurity strategy issued early last year.

The 35-page report, sent in reply to a request by the House Homeland Security Committee for a detailed account of the strategy's implementation, shows both progress and remaining work. There has been no formal progress report from the Bush administration since the strategy's release in January 2003.

The report also breaks down the fiscal 2005 funding request for each item. The department's National Cyber Security Division is leading the implementation.

The report shows that an assessment of vulnerabilities to critical infrastructures long sought by Congress is targeted for 2005, with a process for assessing Internet weaknesses due later this year.

Perhaps the most touted accomplishment in the report is the establishment of a public-private structure for responding to national-level cyber incidents by designating the U.S. Computer Emergency Readiness Team (US-CERT) as the department's cybersecurity operational body. US-CERT, a long-respected operation at Carnegie-Mellon University, launched a national cyber-alert system in January.

US-CERT now includes the former Federal Computer Incident Response Center (FedCIRC) transferred to Homeland Security from the General Services Administration. This summer, it is launching a private-public partnership involving the panorama of stakeholders in the critical infrastructure community, and this year the center will update various aspects of a "partner portal," a secure Web site for coordination and information sharing.

Work remains on an "ambitious and necessary" mandate in the strategy to develop a round-the-clock cyber-response center, the department said. "There exist a number of active and planned projects within the [cybersecurity division] to locate and combine the correct mix of people, processes and technology needed to create this capability," the report said. For instance, a new "watch center" combining various functions is being built for early next year.

The department is expanding the Critical Infrastructure Warning Information Network (CWIN), a private communications network for voice and data with no dependence on the Internet or public network. CWIN terminals have been installed in key government and industry network centers and in a United Kingdom facility. Other extensions are underway in the project, for which $12.8 million is requested for fiscal 2005.

The Cyber Interagency Incident Management Group, created to coordinate intra-governmental preparedness and response operations, was created after the Livewire simulated terrorist attack exercise in October 2003. A compromise amendment to the Homeland Security appropriations bill on the Senate floor this week would move more funding within the cybersecurity division's budget to cyber exercises, increasing that item from $1.85 million to $3.5 million, according to an administration official.

The report describes a number of active exercises nationwide.

The report also identifies issues related to: overcoming private-sector reluctance to share proprietary information with the government, authenticating electronic transactions, improving the security of government work "outsourced" to the private sector, securing wireless networks, improving state and local information sharing and analysis centers, and enhancing the ability to identify sources of cyber attacks.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by Brocade

    Best of 2016 Federal Forum eBook

    Earlier this summer, Federal and tech industry leaders convened to talk security, machine learning, network modernization, DevOps, and much more at the 2016 Federal Forum. This eBook includes a useful summary highlighting the best content shared at the 2016 Federal Forum to help agencies modernize their network infrastructure.

  • Sponsored by CDW-G

    GBC Flash Poll Series: Merger & Acquisitions

    Download this GBC Flash Poll to learn more about federal perspectives on the impact of industry consolidation.

  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

  • Sponsored by Aquilent

    A DevOps Roadmap for the Federal Government

    This GBC Report discusses how DevOps is steadily gaining traction among some of government's leading IT developers and agencies.

  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.

  • Sponsored by CDW-G

    Joint Enterprise Licensing Agreements

    Read this eBook to learn how defense agencies can achieve savings and efficiencies with an Enterprise Software Agreement.

  • Sponsored by Cloudera

    Government Forum Content Library

    Get all the essential resources needed for effective technology strategies in the federal landscape.


When you download a report, your information may be shared with the underwriters of that document.