IDG News Service - U.S. lawmakers questioned Wednesday whether the U.S. Department of Homeland Security has the authority or resources it needs to protect the nation against cyberattacks.
Some members of the House of Representatives Homeland Security Committee raised concerns about the number and quality of workers the cybersecurity division of DHS is able to recruit, and others asked whether DHS needs more authority from Congress to force other agencies to make changes to their cyberdefenses.
The U.S. government is not ready to fight a cyberwar, said Stewart Baker, a partner in the Steptoe & Johnson law firm and former assistant secretary for policy at DHS.
"There is no doubt that we are not prepared to address a major cyberattack today," he said. "If we end up in a serious conflict with five or 10 very sophisticated countries, we will be attacked, and we will not know how to respond."
Reported attacks on U.S. agencies increased by 400% from 2006 to 2009, said Representative Bennie Thompson, a Mississippi Democrat and committee chairman. "Whether the military or intelligence-gathering operations of foreign nations; domestic or international terrorist groups; lone-wolf, hate-driven individuals; common criminals, or thrill-seeking hackers, those attempting to infiltrate and exploit this country's computer networks are both numerous and determined," he said.
The urgency to fix cybersecurity problems at DHS and across the country is missing, said Representative Dan Lungren, a California Republican. "With the money we have now, with the authority that exists now, with the personnel that exists now ... can we do a significantly better job?" he said. "Or is the answer always going to be, 'We could do a better job if we had more money and we had more personnel?'"
U.S. government computer systems could be better secured, said Gregory Wilshusen, director of information technology at the U.S. Government Accountability Office. Many U.S. agencies haven't installed the technology needed to adequately protect their networks, he said.
"The controls are available, it's a matter of getting specific devices to be more secure," he said.
Many committee members focused on concerns they had with DHS.
The U.S. Computer Emergency Readiness Team (US-CERT), the DHS division with responsibility for defending federal civilian agencies against cyberattack, is understaffed and has had four directors in five years, Thompson said. Contractors at US-CERT outnumber federal employees by a ratio of about three to one, Thompson added.
US-CERT "does not have sufficient staff to analyze security information," he said. "Given these administrative failings, it should come as no surprise that day-to-day operations may suffer."
Congress gave US-CERT authority to increase its staff from 38 in 2008 to 98 in fiscal year 2010, which began last October, said Richard Skinner, inspector general at DHS. More than 40 of those positions remain unfilled, he said.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you like your iPhone, you can keep your iPhone. Period.
President Obama has revealed that he's not permitted to carry an iPhone. It's too insecure for the job, he says. Instead, he's stuck with a BlackBerry. Well, someone's got to have one still. However, it turns out that the Pentagon has also outlawed non-BlackBerry smartphones. In IT Blogwatch, bloggers joke that 2006 called and they want their smartphones back.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
Top Considerations for Moving to a Cloud Delivery Model for ITSM
Find out whether SaaS-based ITSM is right for you
- Software-as-a-service is more than just a cloud-based delivery model-it's a new approach to service that lets companies optimize utilization of in-house IT resources... All Government IT White Papers
- Pre-Engineered solutions from VCE Simplify Core Infrastructure Implementation In this video, the CTO of Purdue Pharma, a privately held pharmaceutical company explains how Purdue transformed their data center infrastructure with VCE.
- Integrated Infrastructure: Simplify Operations, Speed Deployments and Reduce Costs George Weiss, Gartner Vice President and Analyst, and Praveen Akkiraju, CEO of VCE, provide practical information regarding the various aspects of Integrated Infrastructures...
- Video: 5 Secrets To Scaling Enterprise Apps Watch this video to learn how to successfully scale enterprise apps>>
- Collaboration 2013: Where Mobility Meets Connectivity Mobility and collaboration are quickly converging and users are demanding more capabilities. It's no longer enough to enable file sharing. This Webcast dives...
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.