The Department of Homeland Security (DHS) lacks the resources and personnel needed to protect America’s critical infrastructure from a cyberattack, the agency’s head has acknowledged.
The department even lacks the funds to hire the top cybersecurity experts.
“We are competing in a tough marketplace against a private sector that is in a position to offer a lot more money,” Jeh Johnson, the Homeland Security secretary, told US senators at a hearing last month. “We need more cyber talent without a doubt in DHS, in the federal government, and we are not where we should be right now, that is without a doubt.”
The department cannot match the huge paychecks and flexibility that private sector firms like Alphabet (owner of Google) and Facebook can offer computer experts, The New York Times reported.
The department’s technology could also be outdated and inferior to that in the private sector, a cybersecurity expert told The Times.
Many experts avoid working for the government because it simply lacks the latest technology, said Candy Alexander of the Information Systems Security Association, a group of cybersecurity professionals.
“For a lot of people who do this work, it is about who gets the coolest toys first,” Alexander said. “And DHS doesn’t come across as a place where that is going to happen.”
600,000 Cybersecurity Incidents and Growing
Beefing up cybersecurity is critical because 600,000 cybersecurity incidents were reported to DHS in 2014 involving government and private computer systems, The Times reported.
Many of the attacks show a level of sophistication that indicates foreign governments could be behind them, the newspaper said. Officials are becoming worried because a cyberattack on the Ukraine’s power grid last December caused a blackout that left 225,000 people without electricity.
Another cyberattack involving so-called ransomware locked staff at the Hollywood Presbyterian Medical Center in Los Angeles out of their computers in February. The only way doctors and nurses could get access to critical data was to pay the bad guys $17,000 worth of Bitcoins.
Despite the growing threat, DHS does not have even enough cybersecurity experts to fill all the positions it has open. The Cybersecurity Enhancement Act of 2014 gave DHS the money for 1,000 experts, but the department has only been able to recruit 691, The Times reported.
“The deck is stacked against us a little bit,” Phyllis Schneck, deputy undersecretary for cybersecurity and communications at the Department of Homeland Security, admitted. “So what we are pitching to people is to explore a hybrid: Do a private sector career and then come and do some time in government. It can be a positive experience in both areas.”
Schneck is a former chief technology officer for antivirus company McAfee (now Intel Security). Another problem DHS faces is that people who are attracted to government work prefer to work at more glamourous agencies such as the NSA or CIA.
“Countering our adversaries and keeping them from disrupting our critical infrastructure can be just as exciting,” cybersecurity expert Robert Lee told The Times. “But the DHS is seen as a large bureaucracy, and nothing about it screams change and innovation.”
Do you believe America is vulnerable to a cyberattack? Share your thoughts in the section below: