Inspector general: DHS' cybersecurity efforts only partly successful
Many operational aspects remain unclear and incomplete, the inspector general says.
IG's report: Progress and Challenges in Security the Nation's Cyberspace
The Homeland Security Department has partially fulfilled its mission to protect the nation from cyberterrorism, but many operational aspects remain unclear and incomplete, the department's inspector general said in an internal report released this week.
Some of the report examines events in 2003, when officials failed to quickly get down to business once the National Cyber Security Division was created, the report states. The division's director, Amit Yoran, did not report to DHS until mid-October 2003 and did not begin conducting weekly staff meetings to discuss priorities until February, it states.
The review was conducted between December 2003 and February.
The report also criticizes DHS officials for continually reworking the division's organizational chart. During a four-month period, the report states, DHS officials drafted three organizational structures for the cybersecurity division.
Officials in DHS' Information Analysis and Infrastructure Protection Directorate, the division's parent organization, defended the changes in a written response to the report. Frequent revisions to the chart are necessary as they attempt to achieve optimal efficiency, directorate officials said. They plan to release another revision of the chart later this summer or early fall.
The cybersecurity division began with a budget of $78.8 million, a staff of 29 full-time equivalent federal employees and many more contractors. By February of this year, the division had a staff of 84 people, of which 21 full-time equivalents were federal employees and 63 were contractors.
Cybersecurity division officials estimate they will need 112 employees -- 45 full-time equivalent employees and 67 contractors -- and a budget of $79.6 million to reach their strategic objectives for the coming year.
In its recommendations, the report states that DHS officials in charge of cybersecurity should set priorities and deadlines for work, complete their organizational structure, and develop strategic plans for branch offices that match the division's priorities.
The report also calls for ways to measuring how well cybersecurity officials are carrying out the mission described in the National Strategy to Secure Cyber Space. That document, released in February 2003, serves as a blueprint for efforts to protect public safety and the economy from attacks on critical computer and telecommunications networks.
Cybersecurity officials should develop not only internal measures of the division's performance but also external measures for public- and private-sector groups to use, according to the report.
Equally important, according to some business leaders, is the inspector general's recommendation that DHS' cybersecurity leaders improve communications with the public and private sectors. Cybersecurity officials responded in writing, saying they had an outreach plan. The inspector general has asked to see that plan.
DHS serves as a primary contact for public and private sectors on cybersecurity.