By Greta Wodele and Randy Barrett
National Journal's Technology Daily
July 7, 2005
Legislation that would promote cybersecurity efforts within the
Homeland Security Department could wither on the vine again this year,
despite agreement among lawmakers, the private sector and government
officials that the department must do more to prevent cyber attacks.
The House in May overwhelmingly approved a measure, H.R. 1817 , to
tweak programs at the department. It includes a provision to elevate
the cybersecurity mission by promoting the director of the
department's cybersecurity division to the assistant secretary level.
"The cybersecurity mission is too important too handle at this
relatively low level," read a summary of the legislation authored by
the House Homeland Security Committee.
While similar legislation has been introduced in the Senate, it is
unlikely the chamber would vote on a bill this year. It has been
bogged down with fights over President Bush's nominees and legislative
work is expected to slow further as senators will debate Bush's
nomination to the Supreme Court.
Industry representatives have applauded the House language, which was
introduced last year as a stand-alone bill. However, that measure was
never sent to the House floor for a vote.
Industry groups repeatedly have urged the government to do more to
protect against debilitating cyber attacks on critical infrastructure
-- a majority of which is owned by the private sector.
"This can come up and bite us in a number of ways," said Paul Kurtz,
executive director of the Cyber Security Industry Alliance. "I hope
Secretary [Homeland Security Secretary Michael] Chertoff and the
administration will see fit to give [the position] more attention. A
deputy secretary will not do."
Tech industry executives said Homeland Security is nearly wholly
focused on physical security issues -- not electronic ones. Chertoff
is currently reviewing department staffing, and some hope he will act
to name a high-level cyber-security secretary soon.
"I have a sense Secretary Chertoff understands something is rotten in
the state of Denmark," said Harris Miller, president of the
Information Technology Association of America. "How can it be a
critical issue when the U.S. government has buried the position five
A government report in late May reinforced supporters' arguments for
the elevated position. A study conducted by the Government
Accountability Office, the investigative wing of Congress, found that
the department had not fully addressed 13 responsibilities, including
drafting a plan to protect critical infrastructure and identifying
cyber threats and vulnerabilities.
The department agreed at the time that officials had much more to do
on the cyber-security front but disagreed with GAO that it has not
made significant progress on that mission since the department's
inception nearly three years ago.
Despite the sense of urgency, the department has yet to name a new
director of the cybersecurity division. The former chief, Amit Yoran,
resigned late last year. Andy Purdy, the acting director, has been
running the division temporarily.
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 -
2,000+ international security experts,
10 tracks, no vendor pitches.