House appropriators took aim Tuesday at the Homeland Security Department's cybersecurity programs, asking for clarification of who is in charge of them and questioning whether the department has enough jobs filled to meet its responsibilities.
Comment on this article in The Forum.Homeland Security is responsible for securing federal computer networks under the Bush administration's massive, multibillion-dollar cybersecurity initiative.
Much of the initiative is classified, but the department has asked Congress for about $300 million in its fiscal 2009 budget to protect federal networks against cyber threats and intrusions.
During a hearing on the budget request, House Homeland Security Appropriations Subcommittee Chairman David Price, D-N.C., said confusion exists over how the department is coordinating its work.
The department has an office of cybersecurity and communications, headed by Assistant Secretary Gregory Garcia. The office includes a national cybersecurity division.
But in March, Michael Chertoff, secretary of the Homeland Security Department, announced creation of a national cybersecurity center under the department's office of policy, headed by Rod Beckstrom. "It does raise the issue, who's in charge of this initiative?" Price asked Homeland Security officials.
Robert Jamison, the department's undersecretary for the national protection and programs directorate, said Garcia is responsible for installing defense systems on government networks, while Beckstrom is responsible for understanding what kind of threats and attacks are occurring across the federal government and then feeding that information to Garcia's office. Garcia said his office has a broader role to secure the nation's communications infrastructure and improve emergency communications capabilities.
After the hearing, Price said he thought Jamison provided "a good response" and underscored distinct roles that the two offices are intended to fill, the chairman's aide said.
Rep. Harold Rogers, R-Ky., ranking member on the Homeland Security Appropriations Subcommittee, also questioned whether the national protection and programs directorate has adequate staffing, saying its ranks are only 71 percent filled.
Price added: "Whoever takes charge in 2009 needs to be able to rely on [the directorate] to help protect the country's vast infrastructure, and we need to make sure that on Jan. 21, 2009, the next president will have a highly functional organization helping protect our country."
Jamison said the directorate has about 330 vacancies and acknowledged that staffing levels need to be improved, especially with the presidential transition later this year. "We do have a lot of work to do, I'll have to admit that," he said.
He said most vacant positions were recently created through the fiscal 2008 budget and are almost filled. "We've made substantial progress; we've got a long way to go," he said.
Price also questioned how the directorate is prioritizing its spending, noting that it received an infusion of funds for fiscal 2008 and is likely to see more funding next fiscal year, "meaning that cybersecurity funds in 2009 will be more than triple the level just two years before."
Jamison said the department plans to install sensors on federal networks that will give it the capability, within the next two years, to detect intrusions in real-time. "We plan over the next year to deploy commercialized detection capabilities that can detect malicious code," he said.