Draft cybersecurity review has DHS on defensive

The Homeland Security Department and a commission of cybersecurity experts are butting heads over how best to protect the country's computer networks in a dispute that the next president and Congress will have to settle. The commission, established by the Center for Strategic and International Studies, doubts that Homeland Security should be in charge of securing federal computer networks, according to a draft report under consideration by its members.

Comment on this article in The Forum."One of the first tasks of the new administration will be to fix the Department of Homeland Security," the draft states. "Any cybersecurity effort will face serious problems if the Department implements it as it is currently configured. There is a universal belief at present that DHS is not capable of discharging the evolving cybersecurity mission."

Homeland Security was given responsibility for securing federal civilian networks and key private sector networks under the Bush administration's multibillion-dollar cybersecurity initiative, most of which remains classified. But the commission has been unable to find out who is in charge of overall coordination for cybersecurity efforts, said James Lewis, director of the CSIS technology and public policy program.

"This is now a national security problem," he said. "It needs to be treated like any other national security problem and coordinated through the White House."

Lewis cautioned that the draft report is likely to change as panel members work on it. He also said the members are wrestling with what role, if any, Homeland Security should have in cybersecurity efforts.

The commission was established with the support of House Homeland Security Emerging Threats Subcommittee Chairman Jim Langevin, D-R.I., and ranking member Michael McCaul, R-Texas, to make cybersecurity recommendations to the next president.

A top Homeland Security official is defending the administration's cybersecurity approach and the department's work. "I can say for the first time we've got a comprehensive strategy," Robert Jamison, undersecretary for Homeland Security's national protection and programs directorate, said in an interview with reporters Friday. "I think absolutely the last thing you want to do is to break off that path and start talking about reorganization of roles and responsibilities," he added. "I think you've got to stay the course and keep moving out."

Jamison said the comprehensive strategy is supported across federal agencies and backed up by implementation plans and funding. With Homeland Security in the lead role, he said the number of Internet access points across the government has been reduced from more than 4,000 to fewer than 1,000. By the end of the year, that number will be fewer than 100. Jamison added that devices will be installed across federal civilian networks by the middle of next year that provide real-time detection of network intrusions. He said the commission has not contacted or met with him or his staff, and he encouraged it to do so before issuing a final report.

Lewis said the commission has been briefed by Homeland Security officials and has interaction with the department. "The people who are most vehemently opposed to keeping stuff at DHS are the people who used to work there," Lewis said.