WASHINGTON – Homeland Security and Governmental Affairs Committee Ranking Member Joe Lieberman, D-Conn., says recent cyber attacks underscore the need for the Department of Homeland Security to resolve internal management problems now preventing it from properly protecting the nation’s critical computer infrastructure. Lieberman made his comments following a Subcommittee on Federal Financial Management, Government Information, and International Security hearing entitled “Securing Cyberspace: Efforts to Protect National Information Infrastructures Continue to Face Challenges.”

“Pranksters or serious saboteurs could cause irreparable harm to our way of life by hacking into sensitive computer systems,” Lieberman said, citing the recent theft of information pertaining to tens of millions of credit card holders and the March hacking of electric power industry control systems. “I don’t expect overnight success, but I do expect visible improvement in DHS’s ability to protect the cyber-structure that underpins our nation’s critical infrastructure.” Lieberman said he hoped DHS Secretary Michael Chertoff’s announced plan to establish a new assistant secretary for cyber security and telecommunications would hasten DHS’ improvement in this area. The Government Accountability Office testified Tuesday on the management problems afflicting DHS’ ability to secure the nation’s public and private cyber infrastructures essential to our national security, economic well being, and the health and safety of the American public. The Internet and other telecommunications networks, our power grid and water supply, our public health and law enforcement services, emergency response, and even national defense all depend on the security of their interconnected computer operations. “Over a year ago, I detailed a number of concerns regarding the lack of results similar to those identified by GAO, and I wish more progress had been made since then,” Lieberman said. The GAO testified that DHS has not fully addressed any of its 13 chief cybersecurity tasks, although it has initiated efforts on many fronts. For example, the department has issued an interim report on infrastructure protection that includes cybersecurity and has made efforts to open the lines of communication between information security officers and law enforcement officials. However, GAO said DHS has yet to develop a national threat assessment, a contingency plan in case of attack, and a plan to recover key internet functions, should they be disabled. Furthermore, the Department continues to have trouble establishing working partnerships with other local, state, and federal agencies and with the private sector. Among the systemic management problems that must be resolved before infrastructures can be adequately protected from cyber attack are organizational stability and authority, contracting and hiring problems, and effective partnerships and information sharing. Senator Lieberman’s March 2004 letter to Secretary Ridge is attached below.