It's funny because it's the DHS, for crying out loud, the department that's been waving the banner for better infosecurity, demanding that private companies take responsibility for securing their networks and, hence, guard the country's critical infrastructure. On the other hand, it's exactly this reason that a failing grade by this department is so scary.
It's not just the report card – issued each year by a subcommittee of the House Committee on Government Reform – that bugs me.
Recently, Democratic members of the House Select Committee on Homeland Security also issued a report indicating some of the administration's and DHS's shortcomings in other areas, too.
The release of such a report during a presidential election year may be politically motivated, but partisan politics or not, America at Risk: The State of Homeland Security reveals interesting findings.
In the "Critical Infrastructure Protection" and "Cybersecurity" sections, the report accuses the administration of ignoring critical infrastructure issues, from failing to define the responsibilities of "key" state/local governments and the private sector, to falling behind on conducting comprehensive risk assessments of critical infrastructures.
The report also highlights how no progress has been made in the five cybersecurity priority areas set forth in the National Strategy to Secure Cyberspace. Plus, it states, the newly established Director of the National Cyber Security Division "is buried deep within DHS," and is, therefore, ineffectual.
This is ugly. It seems our government is no closer to strengthening our interconnected nation than it was a year ago. As the report implies, cybersecurity seems less of a priority than it was before.
"There is no longer a presidential advisor or senior official with the authority to direct all the agencies responsible for cybersecurity should a crisis occur," it states. Forget about a crisis – if those grades mean anything, it seems tough for most agencies to get a handle on cybersecurity without one. At least some agencies with their own in-house leaders are doing what they can to bolster security. Managers from the DOT,DOJ and the National Science Foundation all report that they're instigating changes to make infosec a top priority.
That's a start. Maybe it should have been undertaken even sooner, but thank goodness it's happening. No doubt, getting a handle on vast, mish-mashed networks, whether in a government agency or business, is not easy. Resolving to make cybersecurity a priority is.
Government officials can't keep pointing fingers. They must lead by example to show how infosec gets done – a 'D' average won't cut it.
Illena Armstrong is the U.S. and features editor of SC Magazine