Congress slams Homeland Security's tech efforts

Politicians claim the department suffers from lack of leadership and a flawed information-sharing system.

WASHINGTON--The U.S. Department of Homeland Security on Wednesday sustained more bashing of its cybersecurity efforts from politicians and government auditors.

In what has become a familiar refrain, a chorus of Republicans and Democrats--all from the U.S. House of Representatives panel on telecommunications and the Internet--urged the agency to get its act together and appoint a long-awaited cybersecurity czar.

Then, at a sparsely attended afternoon hearing here, members of the House of Representatives' Homeland Security panel grilled department officials about shortcomings in the Homeland Security Information Network, which was intended to ease sharing of counterterrorism information among federal, state and local investigators.

During the morning hearing, politicians voiced dismay at the unsurprising findings of a Government Accountability Office report (click for PDF) that was released Wednesday and that had been prepared at the committee's request.

"Both government and the private sector are poorly prepared to effectively respond to cyberevents," David Powner, the GAO's director of information technology management issues, told the politicians. "Although DHS has various initiatives under way, these need to be better coordinated and driven to closure."

The Department of Homeland Security, which is chiefly responsible for coordinating responses to cyberattacks, also has no concrete plan for responding to cyberdisasters in partnership with the private sector, Powner said.

A long job search
The department's Under Secretary for Preparedness George Foresman adopted a defensive posture throughout the two-hour hearing, which also included testimony from the Federal Communications Commission and private sector representatives. A similar slate of witnesses, including Foresman, was scheduled to testify on the subject before a House Homeland Security panel on Wednesday afternoon.

Foresman emphasized that finding someone to fill the post of assistant secretary for cybersecurity and telecommunications remains a "top priority" for the department. The post has been vacant since its creation in July 2005, a situation that has drawn a rash of criticism inside and outside the government.

"We are in the final stages of a security process review for a candidate we feel is very well-qualified," he said. "We look forward to announcing this candidate with Congress very soon."

For a number of politicians, that assurance wasn't good enough. "To have gone this long without any attention to this or without having someone direct this part of the orchestra is dangerous for this country, I think, in plain English," said Rep. Anna Eshoo, a California Democrat. "I'm not one to try to hype up fear and all that, but we've placed outselves in a real ditch here by not having the administration name someone."

Foresman said he would "strenuously object" to the insinuation that department has been sitting idle while the post has remained vacant. "Had we been in neutral the entire time, I think there would be a grave concern, but I think we have been in overdrive all the time," he said.

One example of an action the department has taken was a weeklong mock attack called Cyber Storm, he said. The agency on Wednesday released a 17-page "after-action report" assessing the results of the February exercise, which involved more than 100 public and private agencies, associations, and corporations from more than 60 locations across five countries.

Featured Video