Former DHS cybersecurity chief points finger at Congress
IDG News Service - Part of the blame for continued cybersecurity problems in the U.S. government and beyond lies with Congress and its "scattershot" approach to dealing with the issue, a former assistant secretary for cybersecurity at the U.S. Department of Homeland Security said today .
Congress has often provided aggressive oversight of cybersecurity efforts at DHS and elsewhere, but there are continued turf battles between various congressional committees, and lawmakers introduce multiple pieces of legislation that sometimes conflict with each other, said Gregory Garcia, who served as assistant secretary for cybersecurity and communications at DHS from late 2006 to late 2008.
Garcia mentioned eight congressional committees that have responsibility for a portion of cybersecurity policy, and he called on congressional leadership to coordinate cybersecurity efforts. Some committees are pushing for more cybersecurity responsibility outside of DHS, while other committees are resisting changes, he said during a press briefing.
Congressional leaders "need to bring their committees together, sit them around the table ... and make sure everybody understands what is their jurisdiction, what's their responsibility, and what are the policy gaps," Garcia said. "Have a coordinated, leadership-driven process, rather than letting all these committees go off freelancing with their next great idea."
If one committee is pressing for the U.S. Department of Justice to have more authority and a second is pressing for DHS to have more authority, "we're not making progress, we're going off scattershot," Garcia added.
Garcia's time at DHS was marked by hypercriticism from a Democrat-controlled Congress of the agency, with its leadership appointed by former Republican President George Bush, he said. There were also significant management problems at DHS, partly because the agency is only six years old, Garcia said, but a large problem was that agency leaders were sensitive about criticism from Congress, and wouldn't let lower level staffers make the decisions they had expertise to make.
"Decisions were made at the political level, not at the civil servant level," he said.
Some of the congressional criticism of DHS seemed "cynical," added Garcia, now president of Garcia Strategies, a consulting group.
Members of the House Homeland Security Committee didn't immediately respond to a request for a reaction to Garcia's comments. The House committee has hosted several hearings focused on cybersecurity in recent years.
Garcia's criticism of the cybersecurity policy process came two days after the U.S. Government Accountability Office (GAO) issued a report saying that federal IT systems remain vulnerable to a variety of cyberattacks.
Security audits have "identified significant weaknesses in the security controls on federal information systems, resulting in pervasive vulnerabilities," the GAO report said. "GAO has identified weaknesses in all major categories of information security controls at federal agencies."
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!