DHS: Dumb, Huge, Slow
Computerworld -
If you've been at all worried that the Department of Homeland Security might be doing something worth paying attention to, rest easy. When it comes to having any significant impact on corporate IT security plans, the $36 billion federal agency has been monumentally ineffective.
As our front-page story this week points out, it's private-sector companies -- particularly in transportation, utilities and finance -- that are driving their own IT security strategies to protect the nation's critical infrastructures. Without any push from the DHS, for example, the Rail Industry Security Committee is busy sharing best practices for both physical and cybersecurity. In the natural gas industry, same story. "All of the initiatives are industry-driven," says Gary Gardner, CIO of the American Gas Association.
Given that the private sector owns and operates 85% of the critical infrastructure that keeps our lights on and water flowing, this may seem like the natural course of events. But at least part of the fantasy behind spending billions of our tax dollars on the DHS was to create an agency that could orchestrate a public/private collaboration on security matters. "I think largely we've dropped the ball," says Richard Clarke, former chairman of the President's Critical Infrastructure Protection Board.
CIOs and senior IT executives would no doubt agree. They've all noticed that there are no incentives in the 1-year-old "National Strategy to Secure Cyber Space" plan for private industry. No tax credits. No cost sharing. No real reason to care.
The companies that do care, however, are computer industry vendors and service providers. They influence DHS strategy and direction through a handful of powerful lobbying groups, the most prominent being the Information Technology Association of America. Their agendas boil down to this: Prevent any new government regulations or reporting requirements that would mandate changes in IT products. So far, mission accomplished.
For its part, the DHS has managed to stay in the headlines with a steady supply of screw-ups. In July 2003, the Homeland Security geniuses signed a deal for $90 million worth of Microsoft software just as yet another critical security flaw in Windows was everywhere in the news. Around that time, perhaps coincidentally, the status of the cybersecurity job once held by Clarke fell so many rungs down the political ladder that it ended up in cyberobscurity.
Then, last August, a report from the General Accounting Office, the investigative arm of Congress, documented what a pitiful job the DHS was doing in its security information-sharing efforts with state and local authorities. Not that

