IDG News Service - U.S. lawmakers questioned Wednesday whether the U.S. Department of Homeland Security has the authority or resources it needs to protect the nation against cyberattacks.
Some members of the House of Representatives Homeland Security Committee raised concerns about the number and quality of workers the cybersecurity division of DHS is able to recruit, and others asked whether DHS needs more authority from Congress to force other agencies to make changes to their cyberdefenses.
The U.S. government is not ready to fight a cyberwar, said Stewart Baker, a partner in the Steptoe & Johnson law firm and former assistant secretary for policy at DHS.
"There is no doubt that we are not prepared to address a major cyberattack today," he said. "If we end up in a serious conflict with five or 10 very sophisticated countries, we will be attacked, and we will not know how to respond."
Reported attacks on U.S. agencies increased by 400% from 2006 to 2009, said Representative Bennie Thompson, a Mississippi Democrat and committee chairman. "Whether the military or intelligence-gathering operations of foreign nations; domestic or international terrorist groups; lone-wolf, hate-driven individuals; common criminals, or thrill-seeking hackers, those attempting to infiltrate and exploit this country's computer networks are both numerous and determined," he said.
The urgency to fix cybersecurity problems at DHS and across the country is missing, said Representative Dan Lungren, a California Republican. "With the money we have now, with the authority that exists now, with the personnel that exists now ... can we do a significantly better job?" he said. "Or is the answer always going to be, 'We could do a better job if we had more money and we had more personnel?'"
U.S. government computer systems could be better secured, said Gregory Wilshusen, director of information technology at the U.S. Government Accountability Office. Many U.S. agencies haven't installed the technology needed to adequately protect their networks, he said.
"The controls are available, it's a matter of getting specific devices to be more secure," he said.
Many committee members focused on concerns they had with DHS.
The U.S. Computer Emergency Readiness Team (US-CERT), the DHS division with responsibility for defending federal civilian agencies against cyberattack, is understaffed and has had four directors in five years, Thompson said. Contractors at US-CERT outnumber federal employees by a ratio of about three to one, Thompson added.
US-CERT "does not have sufficient staff to analyze security information," he said. "Given these administrative failings, it should come as no surprise that day-to-day operations may suffer."
Congress gave US-CERT authority to increase its staff from 38 in 2008 to 98 in fiscal year 2010, which began last October, said Richard Skinner, inspector general at DHS. More than 40 of those positions remain unfilled, he said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Is Your Big Data Solution Production-Ready?
- Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses
- IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center
- IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results
- Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup... All Government IT White Papers
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- All Government IT Webcasts