In the wake of several high-profile data breaches at government agencies this year, Senate Judiciary Committee ranking Democrat Patrick Leahy of Vermont said the administration has been reckless in its refusal to fill the position in a timely manner. He said individuals whose personal information has been compromised have paid the price for such mistakes.
"I wish we were just talking about security," Leahy said. "Unfortunately, we're talking about incompetence."
Charles Schumer, D-N.Y., said it is hypocritical for lawmakers to demand that private companies secure and protect the personal information of individuals for which they are responsible when the government itself has been so careless.
The theft of a laptop computer belonging to the Veterans Affairs Department this spring exposing the personal information of more than 26 million Americans is the "tip of the iceberg," Schumer said. The computer was recovered last month. He added that data breaches at the Agriculture, Energy and Health and Human Services departments indicate complacency at all levels of government.
"The bottom line is what bank robbery was in the Depression, ID theft is to the information age," Schumer said.
According to Schumer, the Bush administration missed a crucial opportunity after the Sept. 11, 2001 terrorist attacks to establish measures to protect American's information technology infrastructure.
"The administration completely overlooked the pink gorilla in the room -- cyberspace," Schumer said.
Floridian Bill Nelson said Homeland Security's inaction on cyber security is demonstrative of its overall inadequacy. He said the department's response to hurricanes in his state during the past several years has been inexcusable. He called its management of cyber security "unconscionable."
Nelson said he is frustrated that lawmakers have not been given an opportunity to craft a combination of the data security bills approved by the Commerce and Judiciary committees in the past year. Leahy blamed the GOP leadership for not allowing his colleagues to bring up the proposals.
"There's no reason that these two bills can't be married up," Nelson said.
Paul Kurtz, director of the Cyber Security Industry Alliance, said the Bush administration has gone "absent without leave" on information security issues and that no government body is more responsible than the Homeland Security. Kurtz said the stakes for inaction are high because the U.S. economy and government security systems depend so heavily on digital infrastructures.
"Digital systems underpin our national and economic security," said Kurtz, who dealt with cyber security issues as a former special assistant to President Bush.
Leahy echoed Kurtz's call for immediate federal action. He said a well-crafted cyber attack on the United States could be just as disastrous as a physical one, because it could happen at any time and could come from anywhere.
"The administration is big on rhetoric and awfully slow on reality," Leahy said.