Senators call on DHS to improve cybersecurity efforts
The U.S. Department of Homeland Security (DHS) needs to develop a recovery plan for widespread attack on the Internet, and it needs stable leadership in cybersecurity, a government investigator told a U.S. Senate subcommittee Tuesday.
While DHS can track Internet threats, it doesn't have an Internet recovery plan or a national cybersecurity threat assessment, David Powner, director of IT management in U.S. Government Accountability Office (GAO), told a subcommittee of the Senate Homeland Security and Governmental Affairs Committee. DHS is making progress but more work needs to be done, he said.
"Until DHS addresses its many challenges ... it cannot function as a cybersecurity focal point for coordinating federal law and policy," Powner added. "The result is an increased risk, and large portions of our critical infrastructure are unprepared to effectively handle a cybersecurity attack."
Senators echoed Powner's criticisms, first outlined in a GAO report released in May. "The United States does not currently have a robust ability to detect a coordinated attack on our critical infrastructure, nor does it have a measurable recovery and reconstitution plan for key mechanisms of the Internet and telecommunications system," said Senator Tom Coburn, an Oklahoma Republican and chairman of the Federal Financial Management, Government Information and International Security Subcommittee.
DHS is working hard to improve the nation's cybersecurity efforts, said Andy Purdy, acting director of the DHS National Cyber Security Division. Purdy outlined several efforts under way at DHS. A draft of a national infrastructure vulnerability assessment, including a cybersecurity assessment, should be completed within a couple of months, and the DHS Internet Disruption Working Group is working on a plan for Internet recovery after a major attack, he said.