DHS says it can handle cyberattacks

In the event of a cyberattack on the nation's infrastructure, the Homeland Security Department would have the authority and the wherewithal to coordinate an appropriate response, department officials told lawmakers today.

Members of the House Select Committee on Homeland Security questioned top information technology officials at DHS, focusing on recent reports that the department remains disorganized within and not well-coordinated with other federal, state and local agencies and the private sector.

Rep. Robert Andrews (D-N.J.) said he is concerned about the lack of clear lines of authority for responding to a national cyberattack. "Who's in charge when we have a crisis?" he asked.

Robert Liscouski, assistant secretary for infrastructure protection at DHS, said lines of communication are in place so that DHS could coordinate a national response. He said DHS' authority to coordinate a response is based on a presidential directive, Homeland Security Presidential Directive No. 7, which President Bush issued on Dec. 17, 2003. Authorities are still filling in the details of that directive, he said.

The fiscal 2005 budget for the National Cyber Security Division is $79 million, most of which is allocated for building up a national cyberspace security readiness and response system, Liscouski said. The core of that system is the existing U.S. Computer Emergency Readiness Team.

For its internal security needs, department officials announced that they will use a commercial product, called Trusted Agent FISMA, to capture and maintain security reporting data required under the Federal Information Security Management Act of 2002. Steven Cooper, DHS' chief information officer, said the use of that tool should "improve the timeliness and accuracy of our reporting." DHS has fared poorly in recent reports on FISMA compliance.