Homeland Security Secretary Tom Ridge said yesterday that the role of overseeing computer security and the Internet should have a higher profile at the agency, in the face of increasing concern from technology executives and experts that cyber-security is getting inadequate attention.
Ridge told an industry council that advises the White House that the agency was creating a new position of assistant secretary to be responsible for both cyber- and telecommunications security, according to two executives who heard the remarks.
| || |
___Tech Policy/Security E-letter___ Written by washingtonpost.com's tech policy team, the e-mail version of this weekly feature includes an original news article and links to policy and cyber-security stories from the previous week.
Click Here for Free Sign-up
Read E-letter Archive
But hours later, Homeland Security spokesman Brian Roehrkasse said that despite Ridge's comments, final details on the title and responsibilities of the elevated position had not been decided. An administration source who spoke on the condition of anonymity later said Ridge misspoke; the job will instead be deputy assistant secretary.
Cyber-security has been a flashpoint ever since the Department of Homeland Security was created in the wake of the Sept. 11, 2001, terrorist attacks. Before then, a cyber-security office was an integral part of the White House. The decision to move it was regarded by many in the technology security industry as a downgrade of the issue's importance by the Bush administration.
Although no full-scale cyber-attacks have occurred, terrorists make extensive use of the Internet for everything from passing messages to transferring money. And because so many networks interconnect, cyber-security experts warn that a weak link in one place could be exploited and threaten major avenues of commerce.
Moreover, attacks by apolitical but malicious hackers against governments, businesses and consumers have continued unabated, costing companies and individuals tens of millions of dollars a year.
The controversy over how best to handle cyber-security reached a boiling point on Oct. 1, when Amit Yoran, head of Homeland Security's National Cyber Security Division, quit in frustration over his inability to get the department to be more aggressive on the issue.
Yoran had reported to Robert P. Liscouski, assistant secretary for infrastructure protection, and was not responsible for telecommunication networks, which are the backbone of the Internet. Liscouski has staunchly resisted calls for giving cyber-security separate attention, arguing that it should be integrated with all other security considerations.
If the department were to create an assistant secretary position for cyber-security, Liscouski would be responsible only for other physical infrastructure.
Before Homeland Security issued its statement, Ridge's remarks met with wide acclaim. Yoran called the change "a fantastic move" and evidence that the department is able to change its operations to meet the mounting cyber-threat.
Paul Kurtz, head of the Cyber Security Industry Alliance, said it was "a solid development."
Rep. Zoe Lofgren (D-Calif.), who along with Rep. William M. "Mac" Thornberry (R-Tex.) sponsored House legislation to elevate the cyber-security job, said it would be "good news for a more secure America."