National 'cyber summit' planned to aid federal outreach
The Homeland Security Department is planning to hold a national "cyber summit" this fall to address shortcomings in outreach efforts to state and local governments and the private sector on improving cybersecurity practices.
"That's where much of our work has to be done yet," Robert Liscouski, the department's assistant secretary for infrastructure protection, told a House subcommittee on Tuesday.
"I agree with you," Liscouski told Democratic Rep. Zoe Lofgren of California. "I don't think we have addressed [the lack of outreach] enough yet, either." Lofgren is the ranking Democrat on the House Homeland Security Subcommittee on Cybersecurity, Science, and Research and Development, which held the hearing.
The department soon will announce its efforts to expand existing public-private outreach groups to get greater implementation of security practices, Liscouski said.
The summit being considered for November will bring together key industry and government leaders to try to produce a common mechanism for reporting computer threats and vulnerabilities. It also will aim to develop a "vulnerability reduction initiative" that would promote more secure software and "best practices" for protecting critical infrastructures in coordination with the private sector and universities.
Other goals will include developing a partnership to educate the 50 million home computer users and small businesses, and completing a national cybersecurity roadmap, he said.
Lawmakers pressed Liscouski for details on what progress Homeland Security's cyber division has made since it was created June 6 and on whether the department has sufficient resources, expertise and authority to secure cyberspace.
Lofgren raised numerous concerns that the department is "just not providing sufficient leadership in the cyber arena." August was the "worst month ever" for computer viruses, despite the responsibility of the department to reduce vulnerabilities to government and critical-asset computers, as well as respond to cyber incidents, she said.
Liscouski said the delay in naming Amit Yoran as the department's cyber-security director and establishing a Homeland Security partnership with Carnegie Mellon University's Computer Emergency Response Team (CERT) Coordination Center has come from trying to put the "right team in place." Under the new relationship, the center will receive more funds and staff for its work with the department, and will expand it focus beyond responding to computer attacks to also addressing malicious code, he said.
Liscouski said that the department's management style is "very direct" and that Yoran will have to answer at times to Frank Libutti, the undersecretary for information analysis and infrastructure protection, and Homeland Security Secretary Tom Ridge. But he insisted that Yoran will be asked to use his expertise and judgment to make the department's cybersecurity decisions.
Liscouski said the cyber division has a "direct nexus" into the department's science and technology directorate, and it will work "robustly" with the Terrorist Threat Integration Center housed at the CIA.
The cyber division currently has adequate resources and staff, he said. Right now, there are 65 employees, and the department is looking for about 100 for fiscal 2004, he said.