GAO: Homeland Security Isn’t Protecting Internet

Some experts urge the government to plan better for recovering from a widespread attack on the nation’s computers.

The Department of Homeland Security has failed to fully address any of its 13 key cyber security responsibilities, a government investigator told the Senate in a hearing earlier this week.

The result, said Sen. Tom Coburn (R-Okla.), the chairman of the Subcommittee on Federal Financial Management, Government Information, and International Security, is that "vulnerabilities still exist today, only now they are less excusable.

"The government's plan to secure our vital infrastructures from a cyber threat remains vague…despite clear legislative and executive mandates," Coburn added.

Coburn's blast at the Department of Homeland Security (DHS) came as David Powner, a key official in the Government Accountability Office (GAO), the watchdog that has repeatedly criticized federal agencies' computer security, testified before the committee and released a 21-page report on the GAO's cyber-security findings.

DHS has no plans in place for recovering from a widespread attack, nor a national threat and vulnerability assessment program, said Powner. "[The department] has not developed and exercised government and government/industry contingency recovery plans, including a plan for recovering key Internet functions," he testified.

Other failures, Powner went on, include difficulties working and sharing information with other federal agencies, and with companies and researchers in the private sector; poor integration of cyber security with national security as a whole; and no idea of how to reduce vulnerabilities, since a comprehensive vulnerability assessment hasn't been completed.

While Homeland Security has made progress in many areas, Powner said, it's failed to master any of the 13 key responsibilities and "has much work ahead in order to be able to fully address them."

Until it does, the country faces "increased risk that large portions of our national infrastructure are unprepared to effectively address cyber emergencies," Powner concluded.

Senators used the report to hammer at DHS's slow cyber security progress. "America expects DHS to take every reasonable measure to protect us from terrorism," said Coburn. "I am not convinced that threshold has been met [here]."

The acting director of DHS's cyber security division, Andy Purdy, defended his agency's efforts before the Senate, but admitted it had a hard row to hoe.

"We believe [the GAO report] has provided a fair assessment of the progress to date and agree that while considerable work has been done, much work remains," Purdy said.

Purdy hoped that his successor would be able to speed up matters. Last week, DHS Secretary Michael Chertoff announced that the head of the country's cyber security would soon be a higher-level position with more authority. The new Assistant Secretary for Cyber and Telecommunications Security, however, has not yet been named.

"With the proposed appointment of a new Assistant Secretary, we are confident that we will accelerate our cyber security efforts," said Purdy.

We had better, said Sen. Coburn.

"The nature of terrorists is to attack private citizens as we recently saw in the horrific attack in the United Kingdom. There can be no excuse for not effectively engaging the private sector [on cyber security], even though it is hard. We ask no less of our food safety, airline security, and pharmaceutical industries," he said.