DHS plans national IT security exercise in November

The Homeland Security Department plans to conduct a major cybersecurity preparedness and response exercise to be called Cyber Storm in November, a department official said in congressional testimony yesterday.

Andy Purdy, acting director of DHS' National Cyber Security Division (NCSD), described Cyber Storm as "a national exercise" during a hearing that focused largely on the work yet to be done in the cybersecurity field.

He spoke during a hearing of the Senate Homeland Security and Governmental Affairs Subcommittee on Federal Financial Management, Government Information and International Security.

According to written testimony Purdy presented, the division has worked with the Justice and Defense departments to help form the National Cyber Response Coordination Group (NCRCG).

"The NCRCG has developed a concept of operations for national cyberincident response that will be examined in the National Cyber Exercise, Cyber Storm, to be conducted by NCSD in November 2005 with public and private-sector stakeholders."

Subcommittee Chairman Tom Coburn (R-Okla.) cited Government Accountability Office criticism of the department's cybersecurity programs.

"Cybersecurity plays an important part in the protection of the critical infrastructure," Coburn said, adding that his committee planned to hold additional hearings on the topic.

Coburn advocated improved organizational stability for the cybersecurity division and said, "I ask that the department build partnerships with the private sector in the cybersecurity field."

Purdy's testimony focused on DHS' cybersecurity priorities, activities and plans, but questions from Coburn and other lawmakers focused on some of the gaps and remaining needs in the arena.

David Powner, director of IT management issues for GAO, highlighted the shortcomings of DHS' cybersecurity programs.

"Recent attacks and threats have increased the need for cyberdefense," Powner said. Noting that "DHS faces many challenges" in implementing its cybersecurity policy, Powner added, "Although DHS has exerted effort to address each of the 13 cybersecurity responsibilities it has, they are incomplete."

He especially emphasized DHS' need to achieve a stable organization. The division has operated with an acting director since last fall, and faces an additional reorganization with the creation of an assistant secretary for cybersecurity and telecommunications slot.

Wilson S. Dizard III is a staff writer for Washington Technology's sister publication, Government Computer News.