Administration Has Few Cyber Security Accomplishments Lack of Leadership cited for Failure to Protect Critical Cyber Infrastructure

WASHINGTON – Governmental Affairs Committee Ranking Member Joe Lieberman, D-Conn., said Friday the Administration has made “far too little progress” in securing the information systems that underpin so many aspects of our daily lives and called on the Department of Homeland Security to explain its sluggishness.

In a letter to Homeland Security Secretary Tom Ridge, Lieberman said the Administration has neither identified nor prioritized key cyber systems, much less moved to protect them.

He also chided the Administration for failing to partner with the industry sector and state and local governments, which own and operate much of the interconnected computer operations supporting our telecommunications networks, power grids, water supplies, public health and law enforcement services, emergency response, and even national defense.

“I am deeply troubled at how little has been accomplished to reduce the very real threat to our computer-based infrastructure,” Lieberman wrote in the letter. “It appears the Administration has been running in place, leaving us little closer to having meaningful protections for the vital computer dependent systems on which the country depends each day.”

Over the last year, worms and viruses disrupted and crashed Internet-connected systems and corporate networks at a far greater rate than in the past, demonstrating our vulnerability to cyber attack. One estimate put the economic cost of those disruptions at $13 billion in just eight months.

“In addition to the cost and disruption of these Internet born worms and viruses, there is a growing concern that cyber attacks could yield a crippling blow to specific essential infrastructure sectors,” Lieberman wrote.

The Administration’s response? In February 2003, it issued its “National Strategy to Secure Cyberspace,” which outlined strategic objectives in vague generalities, without time frames, deadlines, or performance benchmarks. On December 3, it convened a cyber-security summit with the information technology industry but not with the power, water, or telecommunications sectors that buy and use the technology. And on December 17, the Administration granted the Homeland Security Department another year to explain how it would identify and protect key cyber systems.

“More than a year after enactment of the Homeland Security Act and 10 months after the issuance of the National Cyberspace Strategy, all that could be announced was neither a plan, nor a blueprint, but a plan to create a blueprint,” Lieberman wrote.
Part of the problem is due to the fact that the position of cyber security chief was left open for much of 2003.

“The Administration’s lassitude and lack of leadership have left [the current cyber security chief] in the unenviable job of playing a difficult game of catch up,” Lieberman said.

Below is a link to a copy of the letter: