Homeland Security's Cybersecurity Woes Continue - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Homeland Security's Cybersecurity Woes Continue

While the cabinet-level department has initiated a wide range of programs to tackle its 13 cybersecurity-protection responsibilities, it has yet to fully address any of them to the satisfaction of the GAO.

Dealing with its growing pains is preventing the Department of Homeland Security from meeting one of its primary IT challenges: providing cybersecurity. That's the gist of a 78-page report issued Thursday by the Government Accountability Office, the investigative arm of Congress.

The department established the National Cyber Security Division to help lead the government in addressing the cybersecurity of critical infrastructures. While giving the department credit for initiating a wide range of efforts to fulfill its responsibilities, GAO reports, it still hasn't fully addressed any of the 13 responsibilities [see below] it outlined for itself.

GAO, for instance, cites the department's United States Computer Emergency Readiness Team, a public-private partnership created to make cybersecurity a coordinated national effort. The readiness team formed forums to build greater trust and information sharing among federal officials with information security responsibilities and law enforcement agencies. "However," GAO IT management issues director David Powner wrote in the report, "DHS has not yet developed national cyber threat and vulnerability assessments or government/industry contingency recovery plans for cybersecurity,'' including a plan for recovering from a major disabling attack on the internet.

Among the challenges the GAO says the department continues to face in terms of ensuring critical infrastructure protection: achieving organizational stability, gaining organizational authority, overcoming hiring and contracting issues, increasing awareness about cybersecurity roles and capabilities, establishing effective partnerships with stakeholders, achieving two-way information sharing with these stakeholders, and demonstrating the value the department can provide. In its strategic plan for cybersecurity, the department identifies steps that will enable it to begin to address the challenges. "Until it confronts and resolves these underlying challenges and implements its plans, DHS will have difficulty achieving significant results in strengthening the cybersecurity of our critical infrastructures," Powner wrote.

GAO recommended that Homeland Security secretary Michael Chertoff should strengthen the department's ability to implement key cybersecurity responsibilities by completing critical activities and resolving underlying challenges. The department, in a written response to a draft of the report, agreed with GAO's recommendation that it should engage stakeholders to prioritize its responsibilities, but disagreed with and sought clarification on recommendations to resolve its challenges.

The department's key cybersecurity responsibilities, according to GAO's analysis of federal law and policy, include:

* Developing a national plan for critical infrastructure protection, including cybersecurity.

* Developing partnerships and coordinate with other federal agencies, state and local governments, and the private sector.

* Improving public-private information sharing involving cyber attacks, threats, and vulnerabilities.

* Developing and enhancing national cyber analysis and warning capabilities.

* Providing and coordinating incident response and recovery planning efforts.

* Identifying and assessing cyber threats and vulnerabilities.

* Supporting efforts to reduce cyber threats and vulnerabilities.

* Promoting research and development efforts to strengthen cyberspace security.

* Promoting awareness and outreach.

* Fostering training and certification.

* Enhancing federal, state, and local government cybersecurity.

* Strengthening international cyberspace security.

* Integrate cybersecurity with national security.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll