Opinion

DHS and Cybersecurity: Yes, No, Maybe So?

[FUD Watch with CSO Senior Editor Bill Brenner] A lot of smart people think the Department of Homeland Security is too inept to handle our online defenses. But moving cybersecurity elsewhere won't necessarily solve the larger problem

By Bill Brenner, Senior Editor

December 17, 2008 — CSO —

The Department of Homeland Security (DHS) has had a stained reputation almost from the start, and especially since its dismal performance in the wake of Hurricane Katrina. With a new administration coming in January, a lot of smart people are scrutinizing the agency and trying to carve out the way forward.

Bill Brenner

Among the nagging questions is whether or not DHS should continue to oversee the government's cybersecurity efforts. I'm having trouble forming an opinion.

There's no question DHS is a troubled agency and it's doing not nearly enough to prepare for a potential Cyber 9-11. But I'm skeptical of the idea that Washington will do better by simply moving the responsibility to another part of the government.

Last week, a group of outside experts recommended cybersecurity be moved from DHS -- which "isn't equipped to protect the federal government against cyberattacks" -- to an office within the Obama White House. Many members of the Commission on Cyber Security for the 44th Presidency "felt that leaving any cyber function at DHS would doom that function to failure," according to its recently-released 96-page report.

The commission also wants new government regulations to protect computer networks in the U.S. Such regulations would call for readjusting government efforts to defend its own infrastructure, but regulations for private industry are also needed, the report said.

It would be easy to agree straight away that cybersecurity could be better handled from within the White House. But it's not necessarily fair to take it out of DHS's hands right now.

For starters, DHS is still a young agency. Clearly too many smaller agencies were crammed into its belly and there's no trace of efficiency in Michael Chertoff's sprawling house. That doesn't mean the problem can't be fixed or at least improved by a change in leadership. [Note: President-Elect Obama has nominated Arizona Gov. Janet Napolitano to succeed Chertoff.]

It's also far from certain the government could do a better job by running cybersecurity efforts from the White House.

I went to Facebook, LinkedIn and Twitter -- my social networking sites of choice -- soliciting opinions on this and, not surprisingly, my unscientific poll showed a split down the middle.

Here's a former colleague and one of my trusted security sources arguing for DHS getting another chance:

The former colleague, via Facebook: "If there are failures or weaknesses there, they should be addressed just like a faulty radar system or poorly designed sub. Ineptitude by any governmental body entrusted with protecting key infrastructure shouldn't be grounds for moving the responsibility to a private agency. Reform the agency, inject resources and leadership."