DHS on Its Own Cybersecurity: "Do As I Say, Not As I Do"

Created by Rodney J. Petersen (EDUCAUSE) on June 21, 2007

The Emerging Threats, Cybersecurity, and Science and Technology Subcommittee of the Homeland Security Committee in the U.S. House of Representatives held a hearing yesterday on the topic of “Hacking the Homeland: Investigating Cybersecurity Vulnerabilities at the Department of Homeland Security”. Chairman Rep. James Langevin (Dem-RI) commented, "It was a shock and disappointment to learn that the Department of Homeland Security - the agency charged with being the lead in our national cybersecurity - has suffered so many significant security incidents on its networks."

The full committee chairman, Rep. Bennie Thompson (Dem-Miss), asked:

How can the Department of Homeland Security be a real advocate for sound cybersecurity practices without following some of its own advice? How can we expect improvements in private infrastructure cyberdefense when DHS bureaucrats aren’t fixing their own configurations? How can we ask others to invest in upgraded security technologies when the Chief Information Officer grows the Department’s IT security budget at a snail’s pace? How can we ask the private sector to better train employees and implement more consistent access controls when DHS allows employees to send classified emails over unclassified networks and contractors to attach unapproved laptops to the network?

Witnesses which included the CIO from DHS and representatives of the Government Accountability Office were cautious to acknowledge that progress is being made despite shortcomings in DHS information security program. Rep. Thompson remarked, "The American people are tired of hearing that getting a 'D' is a security improvement," referring to the recent Annual Report Card on Computer Security for Federal Departments and Agencies.

More information regarding the hearing, including witness testimony and a recorded webcast, is available at http://homeland.house.gov/hearings/index.asp?ID=65

Rodney's blog
Login or register to post comments
4260 reads

		DHS on Its Own Cybersecurity: "Do As I Say, Not As I Do" Created by Rodney J. Petersen (EDUCAUSE) on June 21, 2007 The Emerging Threats, Cybersecurity, and Science and Technology Subcommittee of the Homeland Security Committee in the U.S. House of Representatives held a hearing yesterday on the topic of “Hacking the Homeland: Investigating Cybersecurity Vulnerabilities at the Department of Homeland Security”. Chairman Rep. James Langevin (Dem-RI) commented, "It was a shock and disappointment to learn that the Department of Homeland Security - the agency charged with being the lead in our national cybersecurity - has suffered so many significant security incidents on its networks." The full committee chairman, Rep. Bennie Thompson (Dem-Miss), asked: How can the Department of Homeland Security be a real advocate for sound cybersecurity practices without following some of its own advice? How can we expect improvements in private infrastructure cyberdefense when DHS bureaucrats aren’t fixing their own configurations? How can we ask others to invest in upgraded security technologies when the Chief Information Officer grows the Department’s IT security budget at a snail’s pace? How can we ask the private sector to better train employees and implement more consistent access controls when DHS allows employees to send classified emails over unclassified networks and contractors to attach unapproved laptops to the network? Witnesses which included the CIO from DHS and representatives of the Government Accountability Office were cautious to acknowledge that progress is being made despite shortcomings in DHS information security program. Rep. Thompson remarked, "The American people are tired of hearing that getting a 'D' is a security improvement," referring to the recent Annual Report Card on Computer Security for Federal Departments and Agencies. More information regarding the hearing, including witness testimony and a recorded webcast, is available at http://homeland.house.gov/hearings/index.asp?ID=65 Washington Update \| Cybersecurity \| Department of Homeland Security \| Federal Policy \| National Strategy to Secure Cyberspace Rodney's blog Login or register to post comments 4260 reads
		© Copyright 1999-2010 EDUCAUSE Need Help? \| Feedback \| Privacy Policy
	Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.