Cybersecurity - Homeland Security's role

The Government Accountability Office (GAO) recently testified before two House subcommittees on the role of the Dept. of Homeland Security (DHS) in cybersecurity and recovery from Internet disruptions. Under the Homeland Security Act of 2002, PL 107-296 (pdf, 187p.), and federal policy, DHS is responsible for the security of the nation's cyberspace, which includes Internet recovery. GAO sees DHS impeded in fulfilling its role as the government's focal point in both areas.

Cybersecurity. DHS has made progress in 13 key cybersecurity reponsibilities, e.g., the release of its National Infrastructure Protection Plan (NIPP) in June 2006, but none have been completely met. GAO sees DHS facing "a particular challenge in attaining the organizational stability and leadership it needs to gain the trust of the stakeholders in the cybersecurity world" - government as well as the private sector.

Internet recovery. GAO was asked to summarize its earlier report on this subject. It found that DHS has begun initiatives on a public/private recovery plan but its efforts are neither complete nor comprehensive. Key challenges include: (1) diffuse control of the Internet's many networks, (2) lack of consensus on DHS's role, (3) legality of DHS's ability to restore Internet service, (4) reluctance of the private sector to share information, and (5) again, leadership and organizational problems.

Critical Infrastructure Protection: DHS Leadership Needed to Enhance Cybersecurity, GAO-06-1087T, September 13, 2006
      Full testimony (pdf, 160KB, 24p.)
      Highlights (pdf, 44KB, 1p.)
      Abstract (html)

Internet Infrastructure: Challenges in Developing a Public/Private Recovery Plan, GAO-06-1100T, September 13, 2006
      Full testimony (pdf, 144KB, 26p.)
      Highlights (pdf, 44KB, 1p.)
      Abstract (html)

Earlier GAO report:
Internet Infrastructure: DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan, GAO-06-672 (pdf, 2.5MB, 81p.), June 16, 2006