DHS lags in appointing cybersecurity czar

By Heather Greenfield

July 5, 2006

As the nation celebrated its birthday on Tuesday, those awaiting the appointment of a Cabinet-level cyber security czar are drawing attention to another July anniversary.

It has been nearly a year since Homeland Security Department Secretary Michael Chertoff announced the creation of a position for an assistant cyber security czar.

Chertoff made the announcement as part of a six-point agenda July 13, 2005, which identified elevating the position to an assistant Cabinet-level post as part of an overall strategy to "ensure that the department's policies, operations, and structures are aligned in the best way to address the potential threats -- both present and future."

That position remains unfilled.

A concerted push to appoint a single person in charge of national cyber security recovery began in Congress two years ago.

As part of a House cyber security subcommittee that was dissolved after the 108th Congress, Rep. Zoe Lofgren, D-Calif., helped draft and pass House legislation to create a cyber security czar with real power in Homeland Security.

Recently, Lofgren said the House inserted language in a bill to restructure the Federal Emergency Management Agency, requiring President Bush to nominate someone to the cyber czar job within 90 days.

"Nothing was getting done, and no one was paying attention," Lofgren said. "As a result, very little has happened to reduce our vulnerabilities."

Adding to the pressure is the release of a year-long study this week by the Business Roundtable.

"What we concluded is if there were a major cyber disruption, our nation would not be able to restore or rebuild the Internet," said Tita Freeman, director of communications for the group. "Our CEOs feel that the Internet is vital to the exchange of information that's vital to our nation's economic security and to our security in general."

Lofgren said having a cyber security czar who has a seat at the table during Cabinet meetings is critical for effective rebuilding of the Internet.

Paul Kurtz, executive director the Cyber Security Industry Alliance, agrees.

While Andy Purdy has been the acting director of the DHS National Cyber Security Division, Congress members and industry groups question whether he has the power or the background to handle the recovery of the Internet in a disaster.

Kurtz said he understands Homeland Security was busy with helping the Gulf Coast recover from last year's Hurricane Katrina, but he is "very troubled the position remains unfilled."

"It's yet another indication of the overall level of attention in the most senior levels of government," Kurtz said.

Lofgren had another explanation.

"The department is incompetent," Lofgren said. "When you say no one is home (at Homeland Security) it's not a joke."

Richard Clarke, a former cyber-security adviser to presidents Bush and Clinton, said it is critical that Bush nominate a cyber security czar for Homeland Security.

"I think it's huge," he said. "I've talked to people in the private sector who say the federal government isn't serious about security because they haven't filled these positions. They talk a good game about cyber security, but they aren't serious about it."

The Homeland Security press office did not return phone calls seeking comment.

"We don't discuss personnel issues. When there's an announcement to be made, we'll do so," said White House spokeswoman Christie Parell.

By Heather Greenfield

July 5, 2006