Kurtz added that follow-through has been poor on the government's highly touted public-private partnership with industry to address security issues. That effort was part of a White House directive on cyberspace that mandated tighter controls for federal agencies but called for a voluntary plan for the private sector. After a meeting late last year, the partnership yielded five major reports and dozens of recommendations, but little in the way of further action.
"Not enough is happening" even to fulfill the Bush directive, said Rep. Zoe Lofgren (D-Calif)., who represents Silicon Valley.
To try to increase attention on cyber-security, several industry groups are supporting a bill co-sponsored by Lofgren and Rep. William M. "Mac" Thornberry (R-Tex.) that would elevate the director of the cyber division, currently Amit Yoran, to assistant secretary with more direct access to top DHS officials.
But Robert P. Liscouski, assistant secretary for information analysis and infrastructure protection, who oversees the Cyber Security Division, said the notion of separating attention on cyber-threats from overall infrastructure protection would be bad policy.
"Cyber . . . is a very key priority for us," said Liscouski, a former police officer and Coca-Cola Co. security executive. But elevating it to special status "is a step back," he said, arguing that physical and cyber-security are closely connected.
Thornberry said that philosophy is "kind of a dumbing down of our cyber-security efforts. Cyber has some unique features."
Liscouski said he also has to focus on where the greatest threat lies and that overall he thinks the division is making progress.
"The fact that I'm not on the bully pulpit is more a reflection of where our threat is," he said, referring to tech industry's desire that the Homeland Security Department take a lead role in pushing companies to make cyber-security a top priority. "The dominant threat has been a physical threat."
He acknowledged the department's initial reluctance to participate in the Dartmouth exercise because the division was still organizing itself and might not have been able to "engage in a meaningful way." But he said it was highly valuable in the end.
Industry executives say that if, as the administration has said, it wants to rely on their expertise to help formulate cyber-security policy, it should heed their advice now.
Harris N. Miller, head of the Information Technology Association of America, said his group "continues to be concerned that DHS does not have adequate resources devoted to cyber-security and that the cyber-security head does not have adequate visibility within the bureaucracy. Improvements are coming, but slowly. The question is whether the nation can afford to wait."