Former DHS cybersecurity chief points finger at Congress
IDG News Service - Part of the blame for continued cybersecurity problems in the U.S. government and beyond lies with Congress and its "scattershot" approach to dealing with the issue, a former assistant secretary for cybersecurity at the U.S. Department of Homeland Security said today .
Congress has often provided aggressive oversight of cybersecurity efforts at DHS and elsewhere, but there are continued turf battles between various congressional committees, and lawmakers introduce multiple pieces of legislation that sometimes conflict with each other, said Gregory Garcia, who served as assistant secretary for cybersecurity and communications at DHS from late 2006 to late 2008.
Garcia mentioned eight congressional committees that have responsibility for a portion of cybersecurity policy, and he called on congressional leadership to coordinate cybersecurity efforts. Some committees are pushing for more cybersecurity responsibility outside of DHS, while other committees are resisting changes, he said during a press briefing.
Congressional leaders "need to bring their committees together, sit them around the table ... and make sure everybody understands what is their jurisdiction, what's their responsibility, and what are the policy gaps," Garcia said. "Have a coordinated, leadership-driven process, rather than letting all these committees go off freelancing with their next great idea."
If one committee is pressing for the U.S. Department of Justice to have more authority and a second is pressing for DHS to have more authority, "we're not making progress, we're going off scattershot," Garcia added.
Garcia's time at DHS was marked by hypercriticism from a Democrat-controlled Congress of the agency, with its leadership appointed by former Republican President George Bush, he said. There were also significant management problems at DHS, partly because the agency is only six years old, Garcia said, but a large problem was that agency leaders were sensitive about criticism from Congress, and wouldn't let lower level staffers make the decisions they had expertise to make.
"Decisions were made at the political level, not at the civil servant level," he said.
Some of the congressional criticism of DHS seemed "cynical," added Garcia, now president of Garcia Strategies, a consulting group.
Members of the House Homeland Security Committee didn't immediately respond to a request for a reaction to Garcia's comments. The House committee has hosted several hearings focused on cybersecurity in recent years.
Garcia's criticism of the cybersecurity policy process came two days after the U.S. Government Accountability Office (GAO) issued a report saying that federal IT systems remain vulnerable to a variety of cyberattacks.
Security audits have "identified significant weaknesses in the security controls on federal information systems, resulting in pervasive vulnerabilities," the GAO report said. "GAO has identified weaknesses in all major categories of information security controls at federal agencies."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts