Experts disagree on cybersecurity role for DHS
Cybersecurity experts disagreed Tuesday on whether the U.S. Department of Homeland Security should continue to lead the nation's cybersecurity efforts, with one critic saying the agency has largely failed to secure cyberspace.
DHS doesn't have the authority to coordinate cybersecurity efforts from other agencies, including the U.S. National Security Agency (NSA) and the U.S. Federal Bureau of Investigation, said James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), a Washington, D.C., think tank.
A CSIS commission of cybersecurity experts, in a report released in December, recommended that President Barack Obama strip DHS of its cybersecurity coordination authority and create a new cybersecurity office in the White House. Lewis repeated criticisms of DHS during a Tuesday hearing before the Senate Homeland Security and Governmental Affairs Committee, saying DHS should have a cybersecurity role but overall coordination is "beyond its competencies."
"Our networks are vulnerable, our opponents are inventive and energetic, and we are disorganized," Lewis said. "We need a comprehensive strategy and someone in charge of it."
U.S. cybersecurity efforts have been "hobbled by infighting" and DHS has no authority over U.S. military branches, intelligence agencies and law enforcement agencies working on cybersecurity, Lewis added. DHS does, however, have a role in protecting the nation's critical infrastructure and protecting the U.S. government's civilian networks, he said.
But Senator Susan Collins, a Maine Republican, and Stewart Baker, a former assistant secretary at DHS, disagreed with the CSIS recommendation. A cybersecurity czar in the White House would largely be shielded from congressional oversight and could lead to new "turf battles and confusing lines of authority," Collins said.
"On an issue as pressing and as complex as cybersecurity, congressional oversight is critical to making real progress," Collins added.
Collins and Baker both said Congress should give DHS enough resources and authority to do the job. While the cybersecurity efforts at DHS have not been perfect, the agency has made significant progress in the past year, Baker said.
A new cybersecurity office in the White House could take a couple of years to become fully functional, and there's no guarantee it would work better than DHS, he added. Creating a new organization would be a "recipe for treading water" for a couple of years, he said.
Instead of hoping a new organization would do better, "we would be much better off building [up] DHS in its capabilities," Baker added.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
