Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 02/26/04 web stories

DHS brass defend government’s cybersecurity efforts

By William Jackson, GCN Staff

Story Tools:

  • Purchase a Reprint
  • Link to this page
SAN FRANCISCO—Although the Homeland Security Department does not—and cannot—focus all its attention on cybersecurity, it is a priority, a pair of senior government officials yesterday told attendees at the RSA Security Conference.

“My message today on behalf of the Bush administration is ‘we get it,’ ” said retired Gen. John Gordon, White House homeland security adviser.

Penrose Albright, chief of the Homeland Security Department’s Science and Technology Directorate, said his group focuses on R&D related to homeland security tools. But only a small portion of the directorate’s portfolio emphasizes cybersecurity, he said. For fiscal 2005, for instance, $18 million of the directorate’s $1.4 billion budget is slated for IT security R&D.

But, Albright noted, the government in all spends about $1 billion annually on IT security research at organizations such as the Defense Department, National Institute of Standards and Technology and National Science Foundation.

“Our job is not to reinvent cybersecurity,” he said.

The same day that Gordon and Albright spoke, the conference organizers reported that Internet security has worsened in the last year and the government’s security footing has slipped more than that of other sectors.

The second annual Internet Insecurity Index put the level of overall insecurity at 7, compared to 6 last year. The government’s insecurity level slipped from a relatively favorable 4 rating last year to 6 this year. Among the factors cited were the lack of teeth in the National Strategy to Secure Cyberspace, released a year ago, and the government’s poor showing in the most recent cybersecurity report card from Congress. The government received a D for IT security overall, and the Homeland Security Department an F.

Albright, assistant secretary of Homeland Security for science and technology, explained the department’s disappointing performance. DHS, which opened for business in March, made progress in its first year but still is in the early stages of consolidating its infrastructure and resources, he said.

“It’s doubly hard for the department,” Albright said in an interview. “It’s not like our infrastructure is consolidated.”

The department’s first year has been focused on operational issues such as deploying biosensors in large cities and at border control facilities. “It’s fair to say some of the internal infrastructure issues have taken a back seat,” he said. “I think our focus will always remain on issues of catastrophe. I’m not making excuses,” but with limited resources, internal security will probably always come second to national security.

“Having said that, I do not want to receive an F next year,” he said.

DHS has made a major acquisition in bringing Sandia National Laboratory into the department, Albright said. Sandia, the government’s premiere cybersecurity research center, has been moved, along with a number of other national laboratories, from the exclusive control of the Energy Department to Homeland Security.

“We don’t just have access to it, we are an owner,” Albright said.

Gordon, assistant to the president for homeland security, renewed the government’s call for the voluntary public-private partnership called for in the National Strategy to Defend Cyberspace.

But he cautioned against using the term cyberterrorism. Terrorists today use the Internet, Gordon said, but “to date they have not engaged in cyberwarfare.”

Nonetheless, the government’s leaders “must recognize the possibility, if not the likelihood, of a strategic cyberattack against the country.”

Securing against such an attack requires a voluntary partnership, he said, and despite criticism of the national strategy, the government’s position is still that it should not be a regulator of IT.

The ongoing fight against terrorism will require better intelligence gathering and improved sharing and analysis of data, Gordon said.

“This will be a major IT challenge,” he said. “And a potential market.”

More news on related topics: Homeland Security, IT Security