News
DHS Bears Brunt of Criticism at House Cybersecurity Hearing
Lack of leadership still hampers efforts at creating comprehensive threat-response capability
By Jaikumar Vijayan, Computerworld (US)
Without such changes, federal efforts to secure critical systems will continue to fall short of what's required, the GAO said in the report.
Although there appeared to be a broad consensus about the continuing leadership failures of the DHS at the hearing, almost everyone who spoke also seemed to agree that the agency has an indispensable role on the operational side of cybersecurity programs.
Scott Charney, vice president of Microsoft's Trustworthy Computing initiative, said that what's critical is to get the "organizational structure" right at the DHS and give it an appropriate cybersecurity role. That should involve working with the NSA and the National Institute of Standards and Technology "to decide what the minimum bar is for security" across the federal government, said Charney, who added that the DHS needs to clearly spell out which security controls are required and which are recommended.
A DHS spokeswoman didn't immediately respond to a request for comment on the criticisms leveled at the agency during the hearing. But in a statement sent via e-mail in response to questions about Beckstrom's resignation and the NSA's involvement in cybersecurity matters, the DHS defended itself, saying it "has a strong relationship with the NSA and continues to work in close collaboration with all of our federal partners on protecting federal civilian networks."
Tuesday's hearing was held in the midst of a 60-day review of federal cybersecurity programs that was ordered by President Barack Obama and is being led by Melissa Hathaway, who worked in the Office of the Director of National Intelligence during the Bush administration.
Rep. Yvette Clarke (D-N.Y.), chairwoman of the subcommittee that held the hearing, called on Hathaway to focus on three key issues in her review: the need for a national cybersecurity strategy, high-level leadership concerns and any policy and legal shortfalls that might hamper future cybersecurity efforts. Clarke also noted that there already have been numerous reports on how to improve the country's cybersecurity standing. "What has been lacking is the courage and leadership to actually implement these recommendations," she said.
© 2009 Computerworld Inc.
cybersecurity
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
