IDG News Service - WASHINGTON -- The U.S. Department of Homeland Security needs to develop a recovery plan for widespread attack on the Internet, and it needs stable leadership in cybersecurity, a government investigator told a U.S. Senate subcommittee yesterday.
While the DHS can track Internet threats, it doesn't have an Internet recovery plan or a national cybersecurity threat assessment, said David Powner, director of IT management at the U.S. Government Accountability Office (GAO). The DHS is making progress but more work needs to be done, he told a subcommittee of the Senate Homeland Security and Governmental Affairs Committee.
"Until DHS addresses its many challenges ... it cannot function as a cybersecurity focal point for coordinating federal law and policy," Powner added. "The result is an increased risk, and large portions of our critical infrastructure are unprepared to effectively handle a cybersecurity attack."
Senators echoed Powner's criticisms, first outlined in a GAO report released in May.
"The United States does not currently have a robust ability to detect a coordinated attack on our critical infrastructure, nor does it have a measurable recovery and reconstitution plan for key mechanisms of the Internet and telecommunications system," said Sen. Tom Coburn, an Oklahoma Republican and chairman of the Federal Financial Management, Government Information and International Security Subcommittee.
The DHS is working hard to improve the nation's cybersecurity efforts, said Andy Purdy, acting director of the DHS National Cyber Security Division. Purdy outlined several efforts under way at DHS. A draft of a national infrastructure vulnerability assessment, including a cybersecurity assessment, should be completed within a couple of months, and the DHS Internet Disruption Working Group is working on a plan for Internet recovery after a major attack, he said.
The cyber division is also supporting efforts to push IPv6, a more secure version of the current Internet Protocol, Purdy said. The division is encouraging software vendors to create more secure products, and it plans to renew efforts to work with other agencies and private companies to identify the most significant cyber attack possibilities, he said.
Purdy also noted that DHS Secretary Michael Chertoff announced last week that he would create a new position, an assistant secretary for cyber and telecommunications security. Purdy told senators that a new high-level cybersecurity leader should end high turnover in the cyber division's leadership, and the new assistant secretary will "accelerate" cybersecurity efforts.
"We believe [the GAO report] has provided a fair assessment of the progress to date and agree that while considerable work has been done, much work remains to meet
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
