The Bush Administration's IT security initiatives are suffering from a lack of leadership and resources, two former top administration officials told a House subcommittee Tuesday.
Richard A. Clarke, President Bush's former cybersecurity advisor and the chief architect of the White House's National Strategy to Secure Cyberspace, told the House Government Reform Subcommittee on Technology and Information Policy the government has made great strides in catching up with the private sector in terms of IT security, but the new Department of Homeland Security (DHS) lacks the resources and staff to carry out the administration's overall plan.
Clarke, who resigned from the government in February, told lawmakers the DHS is placing infrastructure concerns over security issues.
"For many, the cyber threat is hard to understand: No one has died in a cyber attack, after all," Clarke said. "There has never been a smoking ruin for cameras to see. It is the kind of thinking that said we never had a major foreign terrorist attack in the United States, so we never would; Al Qaeda has just been a nuisance, so it will never be more than that."
Clarke urged lawmakers to create a national cybersecurity center staffed by experts and led by a federal chief information officer with control over all federal agencies. He also said Congress should support the administration's plan to outsource IT security for agency networks.
"There is a real reluctance to outsource IT security, but that's the answer," said Clarke.
Supporting Clarke's position was Michael A. Vatis, the administration's former director of the National Infrastructure Protection Center (NIPC), who said the government is actually less prepared now than a year ago to deal with cyber attacks due the transition of agencies, including the NIPC, to the DHS.
"We have in many respects regressed in recent months," he said.
Speaking for the government, Mark A. Forman, director for IT and electronic government at the Office of Management and Budget (OMB), said cybersecurity remains a top priority of the administration. He said a recent OMB study showed "substantial improvements" by federal agencies. He also said the government will spend $4.25 billion this year on IT security, as opposed to $2.7 billion last year.
The same OMB report, however, also states that "significant information security weaknesses at 24 major agencies continue to place a broad array of federal operations and assets at risk."