GAO: DHS should complete integration of cyber operations
Department counters that merging "may not be practical or efficient."
The Homeland Security Department has failed to follow two of three recommendations issued by a special task force last year to integrate operations to improve response to disruptions of voice and data networks during emergencies, according to a report issued on Thursday by the Government Accountability Office.
Comment on this article in The Forum.In September 2007, a task force created by DHS recommended merging the U.S. Computer Emergency Readiness Team, which analyzes cyber threats and disseminates warning information, with the National Coordination Center and the National Coordination Center Watch. NCC is the point of contact for the private sector on issues affecting the availability of the nation's communications infrastructure, and NCC Watch coordinates with NCC members during a major disruption in telecommunications to restore service.
"You want common operating procedures without overlapping or duplicative roles," said David Powner, GAO's director of IT management issues. "There are roles and responsibilities that will be kept separate, but everything needs to be tied to efficient and effective response."
But DHS has completed only one of three recommendations from the task force to integrate the organizations. In November, it satisfied the recommendation to move NCC Watch to space adjacent to US-CERT, according to the report. The proximity allows analysts from the coordination center and US-CERT to collaborate on planned and ongoing activities. The centers also jointly acquired common software tools to identify and share telecommunications and cyber information. A joint morning report, for example, notes their respective network security issues and problems, which analysts use to coordinate responses to disruptions.
DHS has failed to accomplish the two other recommendations the task force made, the report noted. The department has not merged the two centers or invited key officials involved in operating the private sector critical infrastructure to participate in the planning and monitoring of the proposed joint operations center.
"There have been instances going all the way back to 2002 where GAO and various presidential advisory groups recommended this integration to occur to ensure government is in a good position to plan for a response to communication disruptions," Powner said.
He noted the attacks of Sept. 11 and fallout from Hurricane Katrina as examples of why further integration is crucial. "DHS has a lot of priorities, but we have hard evidence that this is something we need to tackle," Powner said.
"DHS officials stated that their efforts have been focused on other initiatives," the report stated, most notably President Bush's recently announced cybersecurity initiative, proposal to defend government networks against cyberattacks.
Department officials said they are drafting a strategic plan for the integration but could not provide a date for when the plan would be finalized. GAO noted that the plan has been in draft form since mid-2007.
DHS expressed concern about the recommendation to merge the organizations. The National Cybersecurity Division (NCSD), which oversees US-CERT, and the National Communications System, which manages the NCC and NCC Watch, "have distinct missions and operational requirements," Penelope McCormack, acting director of DHS' Audit Liaison Office, said in a written response to the GAO report. "Ensuring collaboration between NCC and US-CERT is paramount to successful response to national events. However, merging these two centers organizationally may not be practical or efficient for a number of operational reasons. NCS and NCSD support further integration of certain overlapping functions as appropriate, but they do not support organizationally merging the NCC and US-CERT at this time."
Powner called the response an argument over semantics. "A merging is a merging of operations," he said. "To us it was splitting hairs. The main concern here is that action has not been as timely as many would have wanted. They don't even have a firm plan of action in place. That's the key."
NEXT STORY: Phishing attacks becoming more sophisticated