WASHINGTON – Homeland Security and Governmental Affairs Committee Ranking Member Joe Lieberman, D-Conn., said Thursday that the nation’s critical computer infrastructure remains vulnerable to criminal or terrorist attack in part because of major underlying management problems at the Department of Homeland Security.
Lieberman’s comments came on the heels of a new Government Accountability Office report on protection of the nation’s public and private cyber infrastructures essential to our national security, economic well being, and the health and safety of the American public. The Internet and other telecommunications networks, our power grid and water supply, our public health and law enforcement services, emergency response, and even national defense all depend on the security of their interconnected computer operations.
“We have a long road ahead before the cyber-structure that underpins our nation’s critical infrastructure is secured from pranksters and saboteurs,” Lieberman said. “We knew this job would be difficult and time consuming and we were right.
“Over a year ago, I sent a detailed letter to Secretary Ridge, raising concerns about the lack of results similar to those identified by GAO, and I am troubled that more progress has not been made in this vital area. The good news is that this report provides a further roadmap for the Department of Homeland Security to follow to help it fulfill its obligations…I strongly urge Secretary Chertoff to devote the attention and resources necessary for the Department to promptly secure our vital cyber infrastructure.”
The report, made public Thursday, found that DHS “has not fully addressed” any of its 13 chief cybersecurity tasks, although it has initiated efforts on many fronts. For example, the department has issued an interim report on infrastructure protection that includes cybersecurity and has made efforts to open the lines of communication between information security officers and law enforcement officials.
However, GAO said DHS has yet to develop a national threat assessment, a contingency plan in case of attack, and a plan to recover key internet functions, should they be disabled. Furthermore, the Department “continues to have difficulties” establishing working partnerships with other local, state, and federal agencies and with the private sector.
Among the systemic management problems that must be resolved before infrastructures can be adequately protected from cyber attack are organizational stability and authority, contracting and hiring problems, and effective partnerships and information sharing.
“Until it confronts and resolved these underlying challenges…DHS will have difficulty achieving significant results in strengthening the cybersecurity of our critical infrastructure,” the report said.
Senator Lieberman’s March 2004 letter to Secretary Ridge is available at: http://www.hsgac.senate.gov/_files/040104LiebermanRidgeLetter.pdf