Comparing the potential effect of a cyber-disaster to the ravages of Hurricane Katrina, lawmakers have called on the Department of Homeland Security and commercial infrastructure owners to explain why more progress isnt evident in preparing for a massive cyber-attack.
“I never want to sit on a special committee set up to investigate why we were unprepared for a cyber-attack,” said Rep. Sherwood Boehlert, R-N.Y. “We know we are vulnerable.”
Boehlert, chairman of the House Committee on Science, held a hearing earlier this month on vulnerability and preparedness in cyberspace. Other congressional committees have sought answers this year from the DHS on why more progress hasnt been made, but the departments insufficient response to Hurricane Katrina—namely, the response by the DHS Federal Emergency Management Agency—has given the matter of cyber-security greater urgency.
“Its inevitable that you look at it in context to Katrina,” said Rep. Bart Gordon, D-Tenn. “What if all the banks [and] all the power systems go out of order? For the American public, it means a big bill. I dont want to be here at a hearing later on saying what went wrong. We want to get in front of this.”
Members of the House Committee on Science complained that the DHS has not moved with sufficient speed to secure the networks that underpin the nations critical infrastructure, including the power grid, energy sector and telecommunications networks. A review released in July by the Government Accountability Office found that the department had not yet developed vulnerability assessments or contingency plans.
Information security officers from several critical infrastructure sectors told lawmakers that the degree of vulnerability and threats remains unknown.
“We are vulnerable to an undetermined extent,” said Gerald Freese, director for enterprise information security at the American Electric Power Co., in Columbus, Ohio.
Freese and his counterparts in the energy, chemical and telecommunications industries said they work closely with the DHS and other government agencies.
“SBC maintains close ties to government agencies responsible for national security,” said Andrew Geisse, CIO for SBC Services Inc., in San Antonio. “We work closely with them on a daily basis to receive and share security-related information.”
Federal agencies working with the private sector on cyber-security
* Telecom sector National Security Telecommunications Advisory Committee, National Coordinating Center for Telecommunications Information Sharing and Analysis Center, Infragard, and the National Security Information Exchange
* Electric power sector DHS and the Department of Energy
* Chemical sector DHS and the National Institute of Standards and Technology