The Department of Homeland Security is charged with
protecting the nation’s computer systems and has made
headway fulfilling this mission but has not fully
addressed responsibilities set forth in law and policy,
and faces numerous challenges, the Government
Accountability Office has said in a new report.
It said DHS has not “fully addressed any of the 13
responsibilities” it identified for coordinating
activities to protect computer systems established by
the Homeland Security Act.
While DHS has established a National Cyber Security
Division to address cyber-security for critical
infrastructures, and has established a Computer
Emergency Readiness Team, as well as forums to
facilitate information sharing among federal
information security and law enforcement entities,
“much work remains,” the report said.
DHS has yet to develop national cyber threat and
vulnerability assessments or “government-industry
contingency recovery plans for cyber-security,”
such as a plan to recover key Internet functions,
according to GAO-05-434.
In addition, it said DHS still needs to achieve
organizational stability and authority, needs to
overcome hiring and contracting issues, increase
awareness about cyber-security roles and
capabilities, establish effective partnerships
with stakeholders, achieve two-way information
sharing, and demonstrate the value it can bring.
The department’s cyber-security strategic plan
identifies steps to address these challenges, but
until they are resolved DHS “will have difficulty
achieving significant results,” the report said.
