IDG News Service - U.S. lawmakers questioned Wednesday whether the U.S. Department of Homeland Security has the authority or resources it needs to protect the nation against cyberattacks.
Some members of the House of Representatives Homeland Security Committee raised concerns about the number and quality of workers the cybersecurity division of DHS is able to recruit, and others asked whether DHS needs more authority from Congress to force other agencies to make changes to their cyberdefenses.
The U.S. government is not ready to fight a cyberwar, said Stewart Baker, a partner in the Steptoe & Johnson law firm and former assistant secretary for policy at DHS.
"There is no doubt that we are not prepared to address a major cyberattack today," he said. "If we end up in a serious conflict with five or 10 very sophisticated countries, we will be attacked, and we will not know how to respond."
Reported attacks on U.S. agencies increased by 400% from 2006 to 2009, said Representative Bennie Thompson, a Mississippi Democrat and committee chairman. "Whether the military or intelligence-gathering operations of foreign nations; domestic or international terrorist groups; lone-wolf, hate-driven individuals; common criminals, or thrill-seeking hackers, those attempting to infiltrate and exploit this country's computer networks are both numerous and determined," he said.
The urgency to fix cybersecurity problems at DHS and across the country is missing, said Representative Dan Lungren, a California Republican. "With the money we have now, with the authority that exists now, with the personnel that exists now ... can we do a significantly better job?" he said. "Or is the answer always going to be, 'We could do a better job if we had more money and we had more personnel?'"
U.S. government computer systems could be better secured, said Gregory Wilshusen, director of information technology at the U.S. Government Accountability Office. Many U.S. agencies haven't installed the technology needed to adequately protect their networks, he said.
"The controls are available, it's a matter of getting specific devices to be more secure," he said.
Many committee members focused on concerns they had with DHS.
The U.S. Computer Emergency Readiness Team (US-CERT), the DHS division with responsibility for defending federal civilian agencies against cyberattack, is understaffed and has had four directors in five years, Thompson said. Contractors at US-CERT outnumber federal employees by a ratio of about three to one, Thompson added.
US-CERT "does not have sufficient staff to analyze security information," he said. "Given these administrative failings, it should come as no surprise that day-to-day operations may suffer."
Congress gave US-CERT authority to increase its staff from 38 in 2008 to 98 in fiscal year 2010, which began last October, said Richard Skinner, inspector general at DHS. More than 40 of those positions remain unfilled, he said.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Comprehensive Advanced Threat Defense
- The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach
- In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Market Overview: Digital Customer Experience Delivery Platforms
- Forrester states that businesses today struggle to understand and use the tools necessary to create and manage unified, multichannel digital customer experiences across...
- The Growing Demand for Rich Media
- This white paper discusses how IBM Customer Experience Suite Rich Media Edition can automate rich media workflows, from collaborating with creative agencies and... All Government IT White Papers
- It's not too late...Get Your Mobile Questions Answered Live! How can IT provide seamless and secure mobile communications and collaboration for all? Join this live Webcast as IDG asks an expert panel...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- Leveraging Flash Storage to Accelerate Oracle Real Application Clusters Join this webinar to understand the latest solid-state storage trends, the specific applications driving solid-state storage deployments and the benefits of deploying the...
- All Government IT Webcasts