http://www.fcw.com/article103126-07-03-07-Web By Jason Miller July 3, 2007 A week after grilling Scott Charbo, the Homeland Security Departments chief information officer, about the agencys cybersecurity posture, the House Homeland Security Committee took aim at the efforts of DHS Science and Technology Directorate to improve federal security. At a June 27 hearing, lawmakers told Jay Cohen, the directorates undersecretary, that the $37 million slated for research and development through 2011 is not enough. Rep. Jim Langevin (D-R.I.), chairman of the committees Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, asked Cohen why the directorate doesnt have more interest in cybersecurity research. Cohen said that because 50 percent of the directorates budget is focused on meeting customer needs, Greg Garcia, DHS assistant secretary of cybersecurity and communications, has requested that only 1 percent of its funds be spent on researching and developing tools for securing information technology. Cohen said the directorate has satisfied 80 percent of Garcias requests. I would welcome Garcia or Scott Charbo to come forward and tell me what they need, Cohen told lawmakers. We need to deliver new and tested solutions to deal with cyberthreats. One percent is the minimum funding. We have to do better, and [we] will. Rep. Michael McCaul (R-Texas), the subcommittees ranking member, said Cohen should have asked Congress for more money because a 1 percent budget for cybersecurity is not nearly enough. McCaul said he hopes to introduce legislation that would require DHS to conduct a national vulnerability assessment for cybersecurity. This is something that is long overdue, he said. Cohen said he supported such an assessment, but it must include all agencies, not only DHS. Langevin said the Science and Technology Directorate must be more proactive in developing next-generation cybersecurity tools to get one step ahead of hackers. After the hearing, Robert Hooks, director of transition at the directorate, said the integrated product team for cybersecurity has worked on technology to combat insider threats and secure IT. We should be more proactive, but we have to find cybersecurity opportunities, Cohen said. We need entrepreneurs and inventors to come to us with opportunities to solve problems. Langevin also pushed Cohen to establish a cybersecurity center of excellence to address the existing R&D gaps. Cohen said he is changing the centers structure by awarding six-year contracts that are rebid every two years. He is also realigning the existing seven centers into five and adding four new ones. We will consider how best to defend and stay ahead of the cyberthreat, Cohen said. We may need smaller institutions that have expertise or develop a critical mass of these institutions. Langevin said he was also disappointed in the directorates strategic plan, which was delivered to the committee five years late. He said he wants to see a high-level strategy and vision and metrics for measuring the directorates performance. The failure to include metrics raises questions about the directorates ability to evaluate its own programs for effectiveness, Langevin said. Your plan contains gaps between innovative capabilities and basic research activities. Cohen promised to deliver the metrics and other changes Langevin asked for. Cohen said he would bypass the process of soliciting comments from other agencies and send the plan directly to the Office of Management and Budget for approval. I will get you the national strategy by the end of the fiscal year, Cohen told Langevin. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jul 03 2007 - 22:46:03 PDT