Thumb twiddling on cybersecurity
Congresswoman Zoe Lofgren says bureaucratic miscues continue to hamstring serious government action to combat cyberattacks.
Malicious code--viruses and worms--is being created to exploit software flaws within days, when only a year ago it would have taken months for such code to appear. Our water supply, electric grid, nuclear energy system and other critical infrastructures are interconnected and interdependent, increasing the likelihood that a cyberattack could disrupt major services and cripple economic activity.
When the Department of Homeland Security was created, the president eliminated the position of senior advisor to the president on cybersecurity and delegated its responsibilities to the new department. For months, the department failed to assume this responsibility and did little on cybersecurity.
It was only after the private sector and technology companies told the government that it needed to provide leadership that the Department of Homeland Security created the National Cyber Security Division, an entity buried deep within the agency. Because the director of this division does not have a direct line to the president or to the secretary of homeland security, his or her effectiveness is limited.
Amit Yoran was hired to be the Director of the NCSD. He lasted in this position for only a year--largely because of the serious structural problems within the Department of Homeland Security.
We recently introduced bipartisan legislation in the House of Representatives to create an assistant secretary of cybersecurity within the Department of Homeland Security, legislation that later passed in the House of Representatives as a part of the 9/11 Recommendations Implementation Act. We are optimistic that this provision will survive the conference with the Senate and remain in the final version of the act.
If enacted, the creation of the assistant secretary position will elevate cybersecurity to a level that can coordinate with senior Department of Homeland Security personnel, other agencies and the private sector in a meaningful way. While it is true that the government must not develop plans for physical security and cybersecurity in a vacuum, it is equally true that the government cannot be naive in its approach and must recognize the unique and crosscutting nature of the cyberworld.
The assistant secretary of cybersecurity would sit next to an assistant secretary who deals with physical infrastructure protection. By creating this position, we can ensure that we are prepared for attacks on both our cyber and physical structures. Under the current structure, the Department of Homeland Security is simply not getting the job done.
On Oct. 13, The Washington Post reported that Secretary of Homeland Security Tom Ridge said the role of overseeing computer security and the Internet should have a higher profile in the Department of Homeland Security.
More specifically, he said a position of assistant secretary to be responsible for both cyber and telecommunications security would be created. Shortly after he made this statement, Homeland Security Spokesman Brian Roehrkasse clarified Ridge's statement. He said Ridge had misspoken and that the position would in fact be a deputy assistant secretary position.
That is simply just not good enough; a deputy assistant secretary position would only enhance the hierarchy and red tape within the department. It is unfortunate that the Department of Homeland Security has failed to realize the importance of elevating this position.
Securing our networks must be a priority in our country's overall homeland security strategy. It does not appear to be a priority for the Department of Homeland Security, as demonstrated by its outsourcing of our government's top cybersecurity position. Too much time has been wasted. We cannot wait for an "electronic 9/11" to happen before the Department of Homeland Security focuses its attention on preparing for and responding to threats to our computer networks.