DHS Fails To Accomplish Cybersecurity Mission
Jim Kouri, CPP
July 05, 2005
Increasing computer interconnectivity has revolutionized the way that our government, our nation, and much of the world communicate and conduct business. While the benefits have been enormous, this widespread interconnectivity also poses significant risks to our nation's computer systems and, more importantly, to the critical operations and infrastructures they support.
The Homeland Security Act of 2002 and federal policy established the Department of Homeland Security as the focal point for coordinating activities to protect the computer systems that support our nation's critical infrastructures.
As the focal point for critical infrastructure protection or CIP, the Department of Homeland Security has many cybersecurity-related roles and responsibilities that were identified in law and policy. DHS established the National Cyber Security Division to take the lead in addressing the cybersecurity of critical infrastructures. While DHS has initiated multiple efforts to fulfill its responsibilities, it has not fully addressed any of the 13 responsibilities, and much work remains ahead.
For example, the department established the United States Computer Emergency Readiness Team as a public/private partnership to make cybersecurity a coordinated national effort, and it established forums to build greater trust and information sharing among federal officials with information security responsibilities and law enforcement entities. However, DHS has not yet developed national cyber threat and vulnerability assessments or government/industry contingency recovery plans for cybersecurity, including a plan for recovering key Internet functions.
DHS faces a number of challenges that have impeded its ability to fulfill its cyber CIP responsibilities. These key challenges include achieving organizational stability, gaining organizational authority, overcoming hiring and contracting issues, increasing awareness about cybersecurity roles and capabilities, establishing effective partnerships with stakeholders, achieving two-way information sharing with these stakeholders, and demonstrating the value DHS can provide. In its strategic plan for cybersecurity, DHS identifies steps that can begin to address the challenges. However, until it confronts and resolves these underlying challenges and implements its plans, DHS will have difficulty achieving significant results in strengthening the cybersecurity of our critical infrastructures.
DHS's failure to effectively address its management challenges and program risks could have serious consequences for our national security. Overall, DHS has made some progress, but significant management challenges remain to transform DHS into a more efficient organization while maintaining and improving its effectiveness in securing the homeland. Therefore, DHS's transformation remains a high-risk area. DHS faces a number of management challenges to improve its ability to carry out its homeland security missions.
Sources: US Department of Homeland Security, US General Accountability Office, National Security Institute, Computer Crime Research Center, National Association of Chiefs of Police
The Homeland Security Act of 2002 and federal policy established the Department of Homeland Security as the focal point for coordinating activities to protect the computer systems that support our nation's critical infrastructures.
As the focal point for critical infrastructure protection or CIP, the Department of Homeland Security has many cybersecurity-related roles and responsibilities that were identified in law and policy. DHS established the National Cyber Security Division to take the lead in addressing the cybersecurity of critical infrastructures. While DHS has initiated multiple efforts to fulfill its responsibilities, it has not fully addressed any of the 13 responsibilities, and much work remains ahead.
For example, the department established the United States Computer Emergency Readiness Team as a public/private partnership to make cybersecurity a coordinated national effort, and it established forums to build greater trust and information sharing among federal officials with information security responsibilities and law enforcement entities. However, DHS has not yet developed national cyber threat and vulnerability assessments or government/industry contingency recovery plans for cybersecurity, including a plan for recovering key Internet functions.
DHS faces a number of challenges that have impeded its ability to fulfill its cyber CIP responsibilities. These key challenges include achieving organizational stability, gaining organizational authority, overcoming hiring and contracting issues, increasing awareness about cybersecurity roles and capabilities, establishing effective partnerships with stakeholders, achieving two-way information sharing with these stakeholders, and demonstrating the value DHS can provide. In its strategic plan for cybersecurity, DHS identifies steps that can begin to address the challenges. However, until it confronts and resolves these underlying challenges and implements its plans, DHS will have difficulty achieving significant results in strengthening the cybersecurity of our critical infrastructures.
DHS's failure to effectively address its management challenges and program risks could have serious consequences for our national security. Overall, DHS has made some progress, but significant management challenges remain to transform DHS into a more efficient organization while maintaining and improving its effectiveness in securing the homeland. Therefore, DHS's transformation remains a high-risk area. DHS faces a number of management challenges to improve its ability to carry out its homeland security missions.
Sources: US Department of Homeland Security, US General Accountability Office, National Security Institute, Computer Crime Research Center, National Association of Chiefs of Police
Print
Email
