Homeland Security spread thin, House panelist says

The U.S. Homeland Security Department may have trouble meeting the requirements of an Obama administration plan for boosting the nation’s computer defenses, a former White House cybersecurity adviser told lawmakers.

The administration proposal, which would give Homeland Security a central role in strengthening U.S. cybersecurity, may leave the agency spread too thin to fulfill those new responsibilities, Melissa Hathaway, the former acting “cyber czar” under President Barack Obama, said in testimony before a hearing of the House subcommittee on cybersecurity.

“We need to decide whether DHS is a policy maker, regulator or operator,” Hathaway, now an independent security consultant, said in her testimony. “We appear to be asking DHS to take on new cybersecurity roles and missions while it is establishing its basic core competencies. Is this reasonable?”

House and Senate lawmakers are reviewing the Obama plan as they develop comprehensive cybersecurity legislation. The White House proposal, sent to Congress on May 12, recommends tighter oversight of “critical infrastructure,” such as power grids or financial networks, considered vital to the U.S. economy or national security.

The Homeland Security Department would determine if company facilities qualify as critical infrastructure and therefore be subject to regulation, according to the administration plan. That regulation would be defined and carried out in part by the agency, which would also conduct computer security audits of designated companies.

“In my view, inserting DHS into a regulator role in this context could dilute its operational and policy responsibilities and likely detract from the nation’s security posture,” Hathaway said.

She recommended that lawmakers decide whether DHS should take on an operational role that provides actionable information to the private sector and helps defend government computer systems, or assume a broader policy role and become the architect for a more secure national infrastructure.

“Perhaps it would be better to focus DHS on becoming a center of excellence in one or two areas,” she said.

Chris Ortman, a Homeland Security Department spokesman, didn’t immediately respond to an e-mail and phone call seeking comment.

Hathaway was the acting senior director for cyberspace for the National Security and Homeland Security Councils under Obama. She led the administration’s 60-day interagency review of government cybersecurity programs.

She resigned from the position in August 2009, citing personal reasons.