Homeland Security Dept. faces cybersecurity woes

Combining six IT security agencies into one division of the proposed Homeland Security Department is an opportunity for enhanced efficiency, but it will not necessarily fix the weaknesses plaguing federal efforts to secure critical infrastructure, according to the General Accounting Office.

"Since 1996, we have reported that poor information security is a widespread federal problem," Robert Dacey, GAO's director of information security, said July 9 before the House Energy and Commerce subcommittee on oversight and investigations.

The new department's Information Analysis and Infrastructure Protection division would inherit this problem, Dacey said.

The subcommittee held its second day of hearings on the president's proposed legislation to establish the new Homeland Security Department. Under the proposal, the department would include the FBI's National Infrastructure Protection Center, the Commerce Department's Critical Infrastructure Assurance Office, the National Institute of Standards and Technology's Computer Security Division, the Energy Department's National Infrastructure Simulation and Analysis Center, the General Services Administration's Federal Computer Incident Response Center, and the multidepartmental National Communications System.

Challenges to bringing these agencies together include:

*Lack of a national strategy for critical infrastructure protection;

*Need to improve analytical and warning capabilities;

*Need to improve information sharing both within the government and between government and the private sector;

*Need to address pervasive weaknesses in federal IT security.

CIAO director John Tritak told the panel that the president's fiscal 2003 budget proposal calls for establishing an Information Integration Program Office within CIAO to improve coordinating information sharing.

CIAO also is a focal point for private-sector input to the national strategies for cybersecurity and homeland security being developed by the Office of Homeland Security.

The strategies are slated for completion this month and released later this year.