The Homeland Security Department has published a draft framework that describes the knowledge and skills the federal information technology workforce must have to safeguard the country from cyberattacks. The document is not a directive, DHS officials said in a Federal Register notice accompanying its release.
The purpose of the framework is “to ensure that we have the most qualified and appropriately trained IT security workforce possible,” said Greg Garcia, DHS’ assistant secretary for cybersecurity and communications, in a statement last week.
— Brian Robinson
When the White House released an updated National Strategy for Homeland Security last week, a reporter asked, “Where’s the beef?”
It’s in a strategy document written in 2002.
Frances Townsend, assistant to the president for counterterrorism and homeland security, said the updated document purposely steps back from operational details to offer a longer-range view.
“It says, ‘Having built many of those capabilities, what additional actions over the long term do we need to build to ensure the strength and continuing vitality of the homeland security effort in this country?’” Townsend said last week at a news conference on the updated strategy.
She added that the plan is not about what the government should do next year but what federal agencies should do over time to close homeland security gaps.
Experts at both ends of the political spectrum said the updated strategy lingers on old themes and offers few new concepts.
Also, the strategy doesn’t fully address the problem of cyberattacks that could cripple the government’s response to a national security crisis, critics said. Many essential and emergency services rely on the uninterrupted use of the Internet. More importantly, terrorists and hostile foreign governments can access the Internet and use it for their own gain, the document states.
White House officials said the federal government is improving cybersecurity. To secure the U.S. cyber infrastructure against man-made and natural threats, federal, state and local governments and the private sector are working together to prevent damage and abuse of Internet systems, the document states. But for anyone interested in more details, the updated strategy refers to the Bush administration’s nearly five-year-old National Strategy to Secure Cyberspace.
Lawmakers say the administration’s strategy must do more than offer generalized statements about how to secure the Internet because it has grown significantly since February 2003, when the White House released its first cybersecurity plan.
Rep. Jim Langevin (D-R.I.), chairman of the Homeland Security Committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, said he was dismayed but not surprised. “This report fails to address the urgent need to close cyber loopholes across all levels of government and the private sector,” he said. “Analyzing the challenges of our nation’s cyber infrastructure deserves more than a sidebar in a document of this stature.”
Paul Kurtz, former senior director of national security at the Office of Cyberspace Security and now partner at Good Harbor Consulting, said the small amount of attention given to cybersecurity signals deeper problems. The strategy demonstrates that the administration has not made any real progress on cybersecurity and resilient communications.
James Lewis, a senior fellow at the Center for Strategic and International Studies, said the strategy leads to no specific action plans. “This strategy is squishy,” he said.
Lewis said he would advise the administration to return to the fundamentals by identifying the essential infrastructures that the country must have to continue operating and figure out how to protect them from attack.
Digg
De.licio.us
Slashdot
Technorati
