By Alice Lipowicz
March 21, 2007
Although the Homeland Security Department has increased its attention to
cybersecurity in the past six months, it still has not implemented 25
recommendations that are needed to fulfill its cyber responsibilities,
according to a new report  from the Government Accountability Office.
DHS in September 2006 named Greg Garcia assistant secretary of
cybersecurity and telecommunications and has made progress on improving
awareness and coordination since then, the report states.
But much work remains to be done on 25 recommendations related to
assessing cyberthreats and vulnerabilities, providing warning of
cyberattacks, improving information sharing and coordinating response
and recovery following a cyberattack, including Internet recovery, the
While DHS has made progress in addressing some of these recommendations
much work remains to be done, the GAO said.
The report summarized progress in private-sector infrastructure
protection, including cybersecurity, for the nations 17 sectors, among
which are energy, financial services, food, information technology and
water supply. All 17 sector coordinating councils delivered their sector
protection plans to the federal government on schedule by December 2006,
the GAO said, but the quality of the plans varied. Each of the 17
sectors was supposed to include cybersecurity components in its plans.
The private sector participants reported challenges in the planning that
include lack of effective relationships with DHS, reflecting a lack of
trust; high employee turnover; and lack of understanding of
infrastructure operations at DHS. Other critical challenges involve
delays in obtaining guidance from the government and in receiving
numerous changes in guidance on how to do infrastructure protection
planning, the GAO report states.
Some private sector participants were fearful of sharing sensitive
information on their vulnerabilities and weak spots to their sector
coordinating councils because they worried the information might be
released to the public or subject them to lawsuits, the report states.
Alice Lipowicz writes for Washington Technology, an 1105 Government
Information Group publication.
Visit the InfoSec News Security Bookstore