New cyber chief faces challenges as DHS struggles
Homeland Security Department has not fully addressed any of the 13 cyber responsibilities that were assigned to the department when Congress created it more than two years ago, GAO says.
The new cyber-security czar faces numerous challenges as the Homeland Security Department continues to struggle with its responsibilities for protecting key cyber infrastructures.
David Powner, director of information technology management issues at the Government Accountability Office (GAO), on Tuesday testified before Congress that the Homeland Security Department has not fully addressed any of the 13 cyber responsibilities that were assigned to the department when Congress created it more than two years ago.
The GAO's findings come after Homeland Security Secretary Michael Chertoff announced last week that he would promote the director of the department's cyber-security division to assistant secretary and expand the job's portfolio to include telecommunications security. Chertoff has not picked a candidate for the new assistant secretary post.
During a hearing, senators on the Homeland Security and Governmental Affairs Federal Financial Management, Government Information and International Security Subcommittee said they are pleased with Chertoff's decision to elevate the post. Maine Republican Susan Collins, chairwoman of the full committee, said that action is overdue.
"As greater amounts of money are transferred through computer systems, as more sensitive economic and commercial information is exchanged electronically, and as the nation's defense and intelligence communities increasingly rely on commercially available information technology, the likelihood increases that information attacks will threaten vital national interests," Powner said in his written testimony.
Under the 2002 law that created Homeland Security, Congress established the department as the focal point for cyber security. It has responsibility for analyses, warnings, information sharing, reductions in vulnerabilities, and mitigation and recovery efforts after cyber attacks for both public and private computer systems.
Topping the list of unmet responsibilities is a national plan for critical infrastructure protection, including cyber security. "The plan is not yet comprehensive and complete," Powner said, noting that the department plans to add sector-specific cyber-security details to its interim plan.
Powner also said the cyber-security division has yet to develop a complete warning or response system to notify and coordinate with the private sector. And information sharing with other government entities and the private sector has been limited. "More work is needed to address barriers to effective partnerships and information sharing," Powner said.
The GAO outlined several challenges that have impeded the division's ability to fulfill its cyber responsibilities. Those factors include the stability of the department; its amount of authority; its ability to overcome hiring and contracting issues; the awareness of cyber-security roles and capabilities; and the availability of effective partnerships among federal, state and local officials, as well as the private sector.