[ISN] Lawmakers to DHS: Spend more on cybersecurity

From: InfoSec News (alerts@private)
Date: Tue Jul 03 2007 - 22:33:06 PDT


By Jason Miller
July 3, 2007

A week after grilling Scott Charbo, the Homeland Security Departments 
chief information officer, about the agencys cybersecurity posture, the 
House Homeland Security Committee took aim at the efforts of DHS Science 
and Technology Directorate to improve federal security.

At a June 27 hearing, lawmakers told Jay Cohen, the directorates 
undersecretary, that the $37 million slated for research and development 
through 2011 is not enough. Rep. Jim Langevin (D-R.I.), chairman of the 
committees Emerging Threats, Cybersecurity, and Science and Technology 
Subcommittee, asked Cohen why the directorate doesnt have more interest 
in cybersecurity research.

Cohen said that because 50 percent of the directorates budget is focused 
on meeting customer needs, Greg Garcia, DHS assistant secretary of 
cybersecurity and communications, has requested that only 1 percent of 
its funds be spent on researching and developing tools for securing 
information technology. Cohen said the directorate has satisfied 80 
percent of Garcias requests.

I would welcome Garcia or Scott Charbo to come forward and tell me what 
they need, Cohen told lawmakers. We need to deliver new and tested 
solutions to deal with cyberthreats. One percent is the minimum funding. 
We have to do better, and [we] will.

Rep. Michael McCaul (R-Texas), the subcommittees ranking member, said 
Cohen should have asked Congress for more money because a 1 percent 
budget for cybersecurity is not nearly enough.

McCaul said he hopes to introduce legislation that would require DHS to 
conduct a national vulnerability assessment for cybersecurity. This is 
something that is long overdue, he said.

Cohen said he supported such an assessment, but it must include all 
agencies, not only DHS.

Langevin said the Science and Technology Directorate must be more 
proactive in developing next-generation cybersecurity tools to get one 
step ahead of hackers.

After the hearing, Robert Hooks, director of transition at the 
directorate, said the integrated product team for cybersecurity has 
worked on technology to combat insider threats and secure IT.

We should be more proactive, but we have to find cybersecurity 
opportunities, Cohen said. We need entrepreneurs and inventors to come 
to us with opportunities to solve problems.

Langevin also pushed Cohen to establish a cybersecurity center of 
excellence to address the existing R&D gaps.

Cohen said he is changing the centers structure by awarding six-year 
contracts that are rebid every two years. He is also realigning the 
existing seven centers into five and adding four new ones.

We will consider how best to defend and stay ahead of the cyberthreat, 
Cohen said. We may need smaller institutions that have expertise or 
develop a critical mass of these institutions.

Langevin said he was also disappointed in the directorates strategic 
plan, which was delivered to the committee five years late.

He said he wants to see a high-level strategy and vision and metrics for 
measuring the directorates performance.

The failure to include metrics raises questions about the directorates 
ability to evaluate its own programs for effectiveness, Langevin said. 
Your plan contains gaps between innovative capabilities and basic 
research activities.

Cohen promised to deliver the metrics and other changes Langevin asked 
for. Cohen said he would bypass the process of soliciting comments from 
other agencies and send the plan directly to the Office of Management 
and Budget for approval.

I will get you the national strategy by the end of the fiscal year, 
Cohen told Langevin.

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Tue Jul 03 2007 - 22:46:03 PDT