Former DHS cybersecurity chief points finger at Congress
IDG News Service - Part of the blame for continued cybersecurity problems in the U.S. government and beyond lies with Congress and its "scattershot" approach to dealing with the issue, a former assistant secretary for cybersecurity at the U.S. Department of Homeland Security said today .
Congress has often provided aggressive oversight of cybersecurity efforts at DHS and elsewhere, but there are continued turf battles between various congressional committees, and lawmakers introduce multiple pieces of legislation that sometimes conflict with each other, said Gregory Garcia, who served as assistant secretary for cybersecurity and communications at DHS from late 2006 to late 2008.
Garcia mentioned eight congressional committees that have responsibility for a portion of cybersecurity policy, and he called on congressional leadership to coordinate cybersecurity efforts. Some committees are pushing for more cybersecurity responsibility outside of DHS, while other committees are resisting changes, he said during a press briefing.
Congressional leaders "need to bring their committees together, sit them around the table ... and make sure everybody understands what is their jurisdiction, what's their responsibility, and what are the policy gaps," Garcia said. "Have a coordinated, leadership-driven process, rather than letting all these committees go off freelancing with their next great idea."
If one committee is pressing for the U.S. Department of Justice to have more authority and a second is pressing for DHS to have more authority, "we're not making progress, we're going off scattershot," Garcia added.
Garcia's time at DHS was marked by hypercriticism from a Democrat-controlled Congress of the agency, with its leadership appointed by former Republican President George Bush, he said. There were also significant management problems at DHS, partly because the agency is only six years old, Garcia said, but a large problem was that agency leaders were sensitive about criticism from Congress, and wouldn't let lower level staffers make the decisions they had expertise to make.
"Decisions were made at the political level, not at the civil servant level," he said.
Some of the congressional criticism of DHS seemed "cynical," added Garcia, now president of Garcia Strategies, a consulting group.
Members of the House Homeland Security Committee didn't immediately respond to a request for a reaction to Garcia's comments. The House committee has hosted several hearings focused on cybersecurity in recent years.
Garcia's criticism of the cybersecurity policy process came two days after the U.S. Government Accountability Office (GAO) issued a report saying that federal IT systems remain vulnerable to a variety of cyberattacks.
Security audits have "identified significant weaknesses in the security controls on federal information systems, resulting in pervasive vulnerabilities," the GAO report said. "GAO has identified weaknesses in all major categories of information security controls at federal agencies."
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!