Report Takes Homeland Security Department To Cyber-Woodshed

R. A. Hettinga rah at shipwright.com
Fri Jul 23 18:57:39 EDT 2004 

<http://www.informationweek.com/shared/printableArticle.jhtml?articleID=25600204>

Report Takes Homeland Security Department To Cyber-Woodshed

An internal audit says the department's efforts to defend against hackers,
computer criminals, and cybertterrorists have serious problems.


By Gregg Keizer, TechWeb News,   InformationWeek
 July 23, 2004
 URL:
http://www.informationweek.com/story/showArticle.jhtml?articleID=25600204



 The Department of Homeland Security's efforts to defend against hackers,
computer criminals, and even techno-terrorists are plagued by serious
problems that leave the country vulnerable, an Internal audit said.

 The report, which was compiled and issued by the agency's inspector
general, Clark Ervin, both praised the department and took it to task.
"Despite the progress made, DHS faces significant challenges in developing
and implementing a program to protect our national cyber-infrastructure,"
Ervin's report said.

 The report focused on the department's National Cyber Security Division, a
unit created last June that was to tackle Internet and network security. If
the division's shortcomings continue, the report noted, they could leave
the country's government and commercial computer networks vulnerable at a
time when security threats are at an all-time high and expected to only
increase in the future.

 The NCSD "must address these issues to reduce the risk that the critical
infrastructure may fail due to cyberattacks," the report said. If it
doesn't, the consequences of an attack on networks and other technology
infrastructure "can have a significant negative effect on the United
States."

 Computer attacks already cause billions of dollars in direct damages and
indirect losses every year.

 Many of the report's findings point to a problem that mimics those in the
recently released 9/11 Commission's report, which noted that a breakdown of
communication contributed to the terrorist attacks' success.

 "NCSD has not instituted a formal communications process within DHS, or
within the government, private, intelligence, or international communities.
The communications process is critical to encouraging the sharing of
critical cyberthreat and vulnerability information," the report said.

 Other problems within the division uncovered by the audit include an
inability to prioritize its initiatives, a lack of long-range plans with
milestones that would give Congress a clue as to progress, and a failure to
identify the resources it needs.

 The NCSD was not immediately available for comment. But in a previous
interview, Amit Yoran, the director of the NCSD and a former VP at security
firm Symantec Corp., rejected charges that progress in his division has
been slow.

 Ervin's report did applaud the division in several areas. The creation of
the United States Computer Emergency Response Team, which is to act as the
coordinator of computer security information, last year and the
establishment by the National Cyber Alert System in January were singled
out as important accomplishments.

 The report made a number of recommendations to the division's overseeing
directorate. According to Ervin, all the recommendations have been taken to
heart by the agency, but because none of the problems have been fully
addressed, he's standing by the report. "The resulting widespread
disruption of essential services after a cyberattack could delay the
notification of emergency services, damage our economy, and put public
safety at risk," the report concluded.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list