RealTime IT News

Experts: Bureaucracy Thwarts U.S. Cybersecurity

Government cybersecurity
WASHINGTON -- Securing government IT systems is a high-stakes game. Like the private sector, the government is under constant attack from legions of hackers looking to infiltrate and exploit software and architecture vulnerabilities.

But Uncle Sam may have it worse: Fleet-footed companies aren't saddled with a sprawling bureaucracy and Byzantine procurement process that can hinder the government when trying to fend off threats to targets like Pentagon databases or major weapons systems.

That's one reason that federal agencies are looking to work in concert with the private sector to develop a more nimble set of cyber defenses.

In introductory remarks before a panel discussion of industry experts on cybersecurity here at the National Press Club, Rep. Jeff Miller, R-Fla., aimed to send a clear message that the government is waking up to the new threats that are the byproduct of a hyper-networked world.

"Cyberspace is now a major battlefield for national and economic security," said Miller, the ranking Republican on the House Subcommittee on Terrorism and Unconventional Threats and Capabilities.

Recent cyber skirmishes in nations like Estonia and Georgia have shown that targeting a country's digital infrastructure is quickly writing itself into the basic military playbook, Miller said.

But government cybersecurity is a much broader than national defense. IT permeates the operations of the government, from the top levels of national security to the army of functionaries scurrying around Capitol Hill with their heads buried in their BlackBerries.

"We have some folks on the Hill who are Twittering. I don't Twitter, but we all know what it is," Miller said. "We're all aware of the changes in the world and cyberspace. Technologies and social tools like Twitter and Facebook are rapidly becoming more and more pervasive, and demonstrate that the information technology systems that we need today must be developed and acquired with the knowledge that they will enter a highly contested and highly integrated network."

But "highly integrated" may not fully capture the scope of the problem.

Streamlining the bureaucracy

Part of the difficulty in shoring up national cybersecurity is the ongoing debate over who is -- and should be -- in charge of federal cybersecurity.

At present, responsibilities and authority are splintered across a variety of agencies, including the Department of Homeland Security, the National Security Agency and the FBI.

Those agencies operate in extensive partnerships with IT companies in the private sector on the cybersecurity front. Broadly drawn, the relationship has the government spelling out the requirements, and the industry providing the technology.

[cob:Special_Report]Representatives of several of those firms were on hand at this morning's discussion, where they emphasized the need for government agencies to embrace a more collaborative, flexible approach to cybersecurity -- and one that does away with some of the arcane bureaucracy that has made the government famously sluggish, the panelists said.

Partly as a result of the different agencies sparring for primacy in cybersecurity, many projects are handled piecemeal, with no serious effort made to implement a government-wide defense mechanism, the panelists said.

Page 2: Obstacles ahead