DHS Is Failing to Meet Its Cyber Responsibilities
The threats we face in the cyber realm are greater than ever before. Our enemies grow bolder and more capable, but the Department of Homeland Security (DHS) is dithering at a time when the agency should be leading in this critical area.
Cyber issues have gone political. One only has to read the headlines to recognize that. As important as that part of the field is, it cannot be allowed to hold back improvements in America’s actual cyber defenses. As the cyber threats have grown (from nation-states, terrorists, and cyber activists), America has responded with an ad hoc patchwork of defenses. No one believes that what we now have is sufficient.
DHS is responsible for defending the “.gov” domain of the Internet. This covers the entire Federal government structure except for the military and intelligence community, as well as many local and state government entities. It is a huge task. Over the years, DHS built up the National Cybersecurity Protection System (NCPS), but done so in a piecemeal fashion. It has been a noble effort, but faced with present threats, it fails pretty regularly. That is unacceptable.
Congress pinned the rose on DHS (again) to fix it, and unify the efforts which up to now differ widely between departments, and even within organizations using .gov. The goal was to take the part of the Internet over which the Feds have the most control, and get them all on the same sheet of music, up to date, adequately defended and continually improving – saving the Feds headaches and taxpayers money along the way. This must be a truly unified approach to operations, maintenance, execution and everything in between.
Two years ago, it looked like progress was being made. DHS awarded the so-called DOMino contract (the overarching effort to meet the intent of Congress), which would begin the unification process. That effort hit a wall as only something inside the Beltway can do. Disputes over the contracting process – not the merits of the security the new contract would be providing – have put the entire effort in limbo, and as a result, have put America at risk. The process is harming security. Previous DHS leadership could not bring itself to make a call to resolve the log jam – it is time for the new Administration to step up and lead on this critical issue.
Right now, the Nation has growing threats (little debate here from anyone), and failing technologies (NCPS did little to stop the huge data breaches at Office of Management and Budget, FBI, or National Weather Service, to name a few). NCPS was a great initial try, but is no longer adequate; its outdated components and it must be replaced, not just tinkered with.
It is time for DHS to make a decision and get on with the critical business of building new, unified defenses for .gov. The incredibly divisive circus that came out of our most recent election should be enough motivation, but it hardly stops there. We need a renewed emphasis on holistic cybersecurity. This is a truly bipartisan issue of vital concern to all Americans.
Additionally, the sort of overhaul that is needed (and envisioned under the current proposal DHS is sitting on) is a job producer in the hottest industry in the world. That makes this a win-win proposition. Finally, we have to stop hemorrhaging money (a lot of it) in a stopgap manner that is not ultimately making our systems more secure. Make the investment, and fix the system.
DHS must stop the handwringing and business as usual procedures. Decide on who will get the task and get on with the business of fixing .gov now. The Nation is waiting and needs this call to be made. Cybersecurity is too important for any more delay. Every day wasted puts America at more risk. DHS has the leaders it needs to be about the Nation’s business; now lead.
Steven P. Bucci, Ph.D., is an independent defense and cybersecurity consultant and a visiting fellow at The Heritage Foundation.