Experts disagree on cybersecurity role for DHS
Cybersecurity experts disagreed Tuesday on whether the U.S. Department of Homeland Security should continue to lead the nation's cybersecurity efforts, with one critic saying the agency has largely failed to secure cyberspace.
DHS doesn't have the authority to coordinate cybersecurity efforts from other agencies, including the U.S. National Security Agency (NSA) and the U.S. Federal Bureau of Investigation, said James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), a Washington, D.C., think tank.
A CSIS commission of cybersecurity experts, in a report released in December, recommended that President Barack Obama strip DHS of its cybersecurity coordination authority and create a new cybersecurity office in the White House. Lewis repeated criticisms of DHS during a Tuesday hearing before the Senate Homeland Security and Governmental Affairs Committee, saying DHS should have a cybersecurity role but overall coordination is "beyond its competencies."
"Our networks are vulnerable, our opponents are inventive and energetic, and we are disorganized," Lewis said. "We need a comprehensive strategy and someone in charge of it."
U.S. cybersecurity efforts have been "hobbled by infighting" and DHS has no authority over U.S. military branches, intelligence agencies and law enforcement agencies working on cybersecurity, Lewis added. DHS does, however, have a role in protecting the nation's critical infrastructure and protecting the U.S. government's civilian networks, he said.
But Senator Susan Collins, a Maine Republican, and Stewart Baker, a former assistant secretary at DHS, disagreed with the CSIS recommendation. A cybersecurity czar in the White House would largely be shielded from congressional oversight and could lead to new "turf battles and confusing lines of authority," Collins said.
"On an issue as pressing and as complex as cybersecurity, congressional oversight is critical to making real progress," Collins added.
Collins and Baker both said Congress should give DHS enough resources and authority to do the job. While the cybersecurity efforts at DHS have not been perfect, the agency has made significant progress in the past year, Baker said.
A new cybersecurity office in the White House could take a couple of years to become fully functional, and there's no guarantee it would work better than DHS, he added. Creating a new organization would be a "recipe for treading water" for a couple of years, he said.
Instead of hoping a new organization would do better, "we would be much better off building [up] DHS in its capabilities," Baker added.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
