WASHINGTON, May 27 (UPI) -- The Department of Homeland Security has neglected to implement crucial cybersecurity measures that would protect the nation's computer systems, said a recent report by the Government Accountability Office.
The agency "has not fully addressed any of the (key) responsibilities" related to cybersecurity and national security "and much work remains ahead," the GAO said.
In June 2003 Homeland Security created the National Cyber Security Division as its unit to examine the cybersecurity of critical infrastructures. Under a federal law, the agency is responsible for developing a national plan for critical infrastructure protection related to cybersecurity, according to the GAO.
"However, DHS has not yet developed national cyber threat and vulnerability assessments or government/industry contingency recovery plans for cybersecurity, including a plan for recovering key Internet functions," the report added.
"Further, DHS continues to have difficulties in developing partnerships -- as called for in federal policy -- with other federal agencies, state and local governments, and private sector," the report said.
The Homeland Security Act of 2002 and other federal measures required the Department of Homeland Security to work with other federal and state agencies on cybersecurity issues, to improve communication between the public and private sectors on cyber attacks and threats and to integrate cybersecurity with national security.
In addition, Homeland Security is accountable for strengthening federal, state and local government cybersecurity, supporting research efforts on cybersecurity issues and identifying cyber threats and vulnerabilities, the report said.
GAO investigators found that Homeland Security confronted a host of hurdles implementing its strategic plan on cybersecurity.
The report pointed out that "organizational stability" and "overcoming hiring and contracting issues" were some of the impediments hindering the agency from achieving its mission.
"(U)ntil it effectively confronts and resolves these underlying challenges, DHS will have difficulty achieving significant results in strengthening the cybersecurity of our nation's critical infrastructures, and our nation will lack the strong cybersecurity focal point envisioned in federal law and policy," the GAO said.
"Over a year ago, I sent a detailed letter to (Homeland Security) Secretary (Tom) Ridge, raising concerns about the lack of results similar to those identified by GAO, and I am troubled that more progress has not been made in this vital area," said Sen. Joseph I. Lieberman, D-Conn., in a statement about the report.
"The good news is that this report provides a further roadmap for the Department of Homeland Security to follow up to help it fulfill its obligations. ... I strongly urge (Homeland Security) Secretary (Michael) Chertoff to devote the attention and resources necessary for the department to promptly secure our vital cyber infrastructure," said Lieberman, the ranking member on the Senate Committee on Homeland Security and Government Affairs.
"GAO's analysis affirms what this Committee has been saying for the past two and a half-years -- status quo does not serve our cybersecurity needs, said Rep. Christopher Cox, R-Calif., in a statement.
"Responsibility for cybersecurity needs to be elevated and better coordinated within the department. The nation needs a principal federal authority on cybersecurity to secure this vital component of our national infrastructure," said Cox, the chairman of the House Committee on Homeland Security.
The report also identified several sources, including terrorists, spammers, hackers and criminal groups, that U.S. intelligence officials saw as a threat to the nation's computers and networks.
"Government officials are increasingly concerned about attacks from individuals and groups with malicious intent --such as crime, terrorism, foreign intelligence gathering, and acts of war," the report said.
The GAO recommended that the Homeland Security Department set up several measures "to fulfill its mission as an effective focal point for cybersecurity." In particular, the agency should "engage appropriate stakeholders to prioritize key cybersecurity responsibilities so that the most important activities are addressed first."
Equally important, the department should conduct a national cyber-threat assessment.
With the National Cyber Security Division, the report said that the division should create "a prioritized list of key activities for addressing the underlying challenges that are impeding execution of its responsibilities."
David A. Powner, director of information technology management issues at the GAO, wrote the report at the request of congressional members from the Senate Committee on Homeland Security and Government Affairs, the House Committee on Homeland Security, Subcommittee on Economic Security, Infrastructure Protection and Cybersecurity and Committee on Government Reform.
