DHS Shake-Up Augurs Security Shift

The sudden resignation of Department of Homeland Security section chief Robert Liscouski, paired with the introduction of a House bill to give more authority to the country's top cyber-security official, could help the DHS attract a senior IT executive be

The sudden resignation of Department of Homeland Security section chief Robert Liscouski, paired with the introduction of a new bill in the U.S. House to give more authority to the countrys top cyber-security official, could help pave the way for the DHS to attract a senior IT executive better equipped to improve federal information security programs, experts say.

Liscouski, assistant secretary of the Information Analysis and Infrastructure Protection Directorate at the DHS, said last week he will resign at the end of next month. Part of Liscouskis responsibility is overseeing the National Cyber Security Division, which has been without a director since Amit Yoran resigned last fall. Yoran left his job saying hed grown frustrated with the limited authority of the directors position.

/zimages/2/28571.gifClick here to read more about Liscouskis resignation.

Liscouski has resisted several proposals from within the DHS and on Capitol Hill to give up some of his own authority and create an assistant secretary for cyber-security position. As a result, the DHS has, thus far, been unable to attract a suitable candidate to lead the NCSD, according to Washington insiders who say that Liscouskis departure now changes the game.

"I think making it an assistant secretary role is worth doing because you can recruit from a more senior pool of people," said Alan Paller, research director at The SANS Institute, in Bethesda, Md.

Yoran stated that he believes hiring a new director without elevating the position would be useless, given the amount of work still pending to implement the 2-year-old National Strategy to Secure Cyberspace.

"At this point they wont find a qualified candidate to move into the director position," Yoran said. "Weve done what can be done there. To move cyber-security forward, it needs to be integrated at a higher level. Its clear that the current approach doesnt deal with cyber-security in a way that reduces Americas vulnerability. They need to change something in the way theyre addressing cyber-security."

A House bill to make the cyber-security leader an assistant secretary, introduced by Reps. Zoe Lofgren, D-Calif., and Mac Thornberry, R-Texas, last week, is an updated version of a similar bill that was under consideration last year but ultimately failed. The bill would give the assistant secretary authority over all cyber-security programs throughout the department.

A trusted executive from within the private sector isnt the only possibility for filling the slot, however.

Beltway insiders say that, unlike Yorans hiring, which was an effort to get the NCSD up and running and lay the groundwork for improved relations with the private sector, the Bush administration may end up bringing in someone from inside the government who is known in Washington and familiar with how to get things done there. Yoran had some government experience when he was hired but had been in the private sector for some time and was an experienced entrepreneur and executive.

Whichever direction the department goes, it is unlikely officials will hire anyone for the NCSD job before a new DHS secretary is in place.

President Bush last week nominated Michael Chertoff, an appeals court judge, to replace Tom Ridge, who is resigning. But Chertoff must still go through the lengthy confirmation process, and the House bill also needs to get through, which is not a given.

But experts worry that the longer the government is without a top cyber-security official, the longer it will take to pick up the pieces and get things running smoothly again.

"Clearly the country is at risk. We do have a tremendous exposure here," said Yoran. "Cyber-security exists [in Washington], but its not at the forefront or even at the top of many peoples lists."

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.