After months of escalating criticism from the IT industry that the Bush administration is devoting insufficient resources and attention to cyber-security, the fledgling Department of Homeland Security is already restructuring to give network safety a higher profile.
At a congressional hearing on cyber-security research and development Wednesday, Charles McQueary, undersecretary for science and technology at the new department, told lawmakers that organizational changes that will take place soon will show that the executive branch is taking cyber-security seriously.
The hearing of the House Committee on Science took on a very un-Washington, almost surreal quality as legislators chided civil servants for not chasing after enough funding for cyber-security R&D, and civil servants answered that there is plenty of money already being spent.
“Were not lacking for funds,” Anthony Tether, director of the Pentagons DARPA (Defense Advanced Research Projects Agency), told the committee. “I funded every idea thats come forth in this area this year. Were more idea-limited right now than we are funding-limited.”
Acting on ramped-up industry lobbying, legislators took to task the Department of Homeland Security, DARPA, the National Science Foundation and NIST (National Institute of Standards and Technology) for not seeking out or setting aside adequate funds for cyber-security. The preoccupation with national security since the terrorist attacks of Sept. 11 was expected to unleash a torrent of government spending on IT goods and services, but the federal funds have not been as forthcoming as industry had hoped.
According to committee chairman Sherwood Boehlert, R-N.Y., there have been complaints from throughout the research community that the Department of Homeland Security is not focusing on solving network vulnerabilities and that DARPA is operating under reduced resources.
“Its impossible to conclude that far more needs to be done,” Boehlert said, directing DARPAs Tether to “enlighten us as to why were moving in the wrong direction.”
Page Two
Most of DARPAs resources are directed at classified projects, according to Tether, who said that a peek at the agencys classified budget would make lawmakers more comfortable with the funding level.
“Were not concerning ourselves [with] the commercial networks,” Tether said, adding that DARPA is focused on solving problems that the private sector currently does not confront. The military faces threats from “attackers whose life depends on taking the network down,” he said, and projects are under way to make those networks increasingly wireless and peer-to-peer.
“Were really far ahead of the commercial world in this regard,” he said, adding that a prototype military network with 400 nodes to use for simulated attacks is in the works.
When President Bush disbanded the Presidents Critical Infrastructure Protection Board earlier this year following the resignation of its chairman, Richard Clarke, responsibilities for cyber-security were transferred to the Department of Homeland Security. However, the subject was not given a sufficiently high profile or a sufficiently high-ranking executive to satisfy industry.
Turning the tables and taking a shot at the private sector, federal research officials told the Science Committee Wednesday that if there is less-than-optimal attention devoted to cyber-security today, it is a result of problems in industry, not the government.
“As a nation, our greatest vulnerability is indifference,” said Arden Bement, NIST director, citing recent surveys indicating that private enterprises “dont really see themselves as a target.”
“They just havent quite stepped up to the plate,” Bement said.
Most Recent Security Stories:
Search for more stories by Caron Carlson.
Find white papers on security.
For more security news, check out Ziff Davis Medias Security Supersite.