Former Homeland Security cyber chief says challenges persist
The former cybersecurity chief at the Homeland Security Department Wednesday told Congress that the government faces several challenges to bolster cyber security.
"Procurement practices by the federal government to enhance cyber security features ... are not effective and are rarely enforced with consistency, resulting in the single greatest missed opportunity to positively influence and drive better security capabilities," said Amit Yoran, who left his position last fall as director of Homeland's cybersecurity division after one year on the job.
He added that his former colleagues struggle with "mission responsibilities" and "greater clarity is needed and support must be given to centralize cybersecurity functions across government."
Yoran told the House Homeland Security Subcommittee on Economic Security, Infrastructure Protection and Cyber Security during a hearing that a measure to elevate his former post to assistant secretary is not "inconsistent with a unified or integrated risk management" strategy, but "on its own it does not address the government's challenges in cybersecurity."
Yoran and other cybersecurity experts testified that the Bush administration needed to spend more money on research and developing cyber security countermeasures.
Homeland Security Committee Chairman Christopher Cox, R-Calif., said he plans to add a provision creating a new assistant secretary for cybersecurity post at the department to an underlying authorization measure next week. Cox and other lawmakers on the panel have argued the department must pay more attention and spend more money on cybersecurity activities.
"In Washington, unless you're at a certain level, people don't pay attention," said ranking member Bennie Thompson, D-Miss. Sen. Charles Schumer, D-N.Y., has included similar provisions in an identity protection bill introduced after recent reports of cyber attacks on company databases.
The House subcommittee approved a bill, H.R. 285, Wednesday that would establish an assistant secretary for cybersecurity within the Homeland Security Department.
Prior to creating the department in 2002, the administration had a special adviser on cybersecurity to the president. When Congress created the department, the administration placed the cyber chief within a division of a division.
Yoran said significant challenges exist across the government and in the private sector to raising awareness and vulnerabilities about cyber attacks.
The department has estimated that more than 80 percent of the nation's critical infrastructure is owned by the private sector. Yoran Wednesday reiterated the department's position that responsibility for those computer systems "lies largely in the private sector."
But the other witnesses at the hearing stressed that an assistant secretary would provide a leadership position with internal clout that could call meetings and coordinate across federal agencies and would send a symbolic message to other countries and cyber hackers that the U.S. government is serious about information security.