010815as1

More documents

Recommendations

Info

Mission 4—Safeguarding and Securing Cyberspace Overview In 2009, President Obama identified the basic challenge that the nation faces in cybersecurity. “It is the great irony of our Information Age—the very technologies that empower us to create and to build also empower those who would disrupt and destroy. And this paradox—seen and unseen—that we face every day,” the President explained. “It is about the privacy and the economic security of American families,” and also “a matter of public safety and national security.” 367 The cybersecurity threats facing our nation create a serious and persistent challenge, both to the private sector and the government. The American public is becoming accustomed to major data breaches or cyber attacks against commercial networks being reported in the national press. These incidents have become so commonplace that it has become almost cliché to repeat the frequent expression among cybersecurity experts that, “There are two kinds of organizations in the U.S.—those who know they’ve been hacked, and those who don’t know they’ve been hacked.” 368 Less reported is the quiet but damaging nation-state sponsored or condoned economic or industrial espionage, including the theft of intellectual property or business information, through computer intrusions and data exfiltration that occurs on a daily basis. Former NSA Director General Keith Alexander called cyber espionage against the United States “the greatest transfer of wealth in history.” 369 Estimates of the actual cost to the U.S. economy have ranged as high as hundreds of billions of dollars per year. 370 The U.S. government also faces significant cybersecurity threats, including adversaries using weaknesses in our networks and information security systems to steal or disrupt sensitive 367 The White House, “Remarks by the President on Securing Our Nation’s Cyber Infrastructure,” May 29, 2009. 368 James Cook, “FBI Director: China Has Hacked Every Big US Company,” Business Insider, October 6, 2014, at http://www.businessinsider.com/fbi-director-china-has-hacked-every-big-us-company-2014-10, accessed October 10, 2014. 369 Josh Rogin, “NSA Chief: Cybercrime Constitutes the “Greatest Transfer of Wealth in History,” FOREIGN POLICY (July 9, 2012), at http://thecable.foreignpolicy.com/posts/2012/07/09/nsa_chief_cybercrime_constitutes_the_greatest_transfer_of_weal th_in_history, accessed December 29, 2014. 370 Office of the National Counterintelligence Executive, Foreign Spies Stealing U.S. Economic Secrets in Cyberspace: Report to Congress on Foreign Economic Collection and Industrial Espionage 2009-2011, p.4. 81
information, which can be used to weaken our government’s defenses or to exploit citizens’ personal information. There is even a threat that adversaries could use cyber-attacks to disrupt or destroy information systems, including those that support the operations of critical infrastructure, to conduct real world damage, even potentially including loss of life. Former DHS Secretary Janet Napolitano publicly warned of the danger of a “cyber 9/11” attack and others have warned of “cyber Pearl Harbor”. 371 These warnings may overstate the probability of such an attack. In 2014, DHS officials told Committee staff that it is “very difficult to kill people” 372 using cyberattacks and that the greater concern of cyber-attacks on critical infrastructure is economic consequences. The potential for a cyber-attack that causes loss of human life remains a lowprobability high-consequence event that must not be ignored. The Department of Homeland Security has assumed significant responsibilities in the area of safeguarding and securing cyberspace. The Department defines this as its fourth priority mission: “DHS is responsible for protecting the federal executive branch civilian agencies and guiding the protection of the nation’s critical infrastructure.” 373 DHS currently operates extensive programs across several of its components and directorates focusing on cybersecurity, including programs within the National Protection and Programs Directorate ($696 million annually) and the U.S. Secret Service ($9.8 million annually), and ICE’s Homeland Security Investigations component. 374 Overall, the Department spends nearly $706 million annually on cybersecurity-related federal programs. 375 A review of DHS’s cyber security programs raises questions about whether the Department is effectively fulfilling its cybersecurity mission, as well as whether its strategy for helping the nation safeguard and secure cyberspace is appropriate given the nature of the threats we face. First, the Department of Homeland Security has struggled to execute the responsibilities delegated to it by the Office of Management & Budget for improving the 371 Reuters, “U.S. homeland chief: cyber 9/11 could happen "imminently",” January 24, 2013, at: http://www.reuters.com/article/2013/01/24/us-usa-cyber-threat-idUSBRE90N1A320130124. 372 DHS officials briefing Committee Staff, April 17, 2014. 373 “Department of Homeland Security Strategic Plan: Fiscal Years 2012-2016,” Department of Homeland Security, February 2012. 374 Memo from Congressional Research Service to HSGAC Minority Staff, “Historical Trends in FISMA Spending by Federal Agencies and Recent Cybersecurity Investments by the Department of Homeland Security, ” November 13, 2014. Data on ICE-HSI expenditures related to cybersecurity was unavailable due to the structure of ICE-HSI and its funding. 375 Id. As of FY2013, NPPD had 348 FTEs in these programs. 82
Page 1 and 2:
A Review of the Department of Homel
Page 3 and 4:
January 3, 2015 Dear Taxpayer, We A
Page 5 and 6:
jurisdiction between various congre
Page 7 and 8:
Executive Summary The Department of
Page 9 and 10:
of the systems that DHS purchased t
Page 11 and 12:
esponsibilities for securing U.S. p
Page 13 and 14:
an independent audit 36 and interna
Page 15 and 16:
Structural problems in FEMA’s pro
Page 17 and 18:
leadership with real authority to m
Page 19 and 20:
Mission 1—Preventing Terrorism an
Page 21 and 22:
hundreds. 56 In the aftermath of th
Page 23 and 24:
its previously closed investigation
Page 25 and 26:
sharing network and $231 million sp
Page 27 and 28:
nation’s preparedness. 87 That ye
Page 29 and 30:
federal entity engaged in this work
Page 31 and 32: agency has struggled in both areas,
Page 33 and 34: including shortcomings in the tests
Page 35 and 36: 2013 shooting at the Washington Nav
Page 37 and 38: Shortly after the September 2014, S
Page 39 and 40: Mission 2— Securing and Managing
Page 41 and 42: It is true that more resources than
Page 43 and 44: FY 2014, in comparison to the rough
Page 45 and 46: Senator Coburn and other members of
Page 47 and 48: The problem of DHS’s ineffective
Page 49 and 50: the number of corruption investigat
Page 51 and 52: amounts of explosives packaged in b
Page 53 and 54: Ports and Sea Borders and Safeguard
Page 55 and 56: Station in Norfolk, conducted by a
Page 57 and 58: significant and experienced federal
Page 59 and 60: Mission 3— Enforcing and Administ
Page 61 and 62: Customs Enforcement is responsible
Page 63 and 64: the consideration of refugee and as
Page 65 and 66: Fraud and National Security Concern
Page 67 and 68: different biographic data.” 287 I
Page 69 and 70: 2007. 298 The evidence also suggest
Page 71 and 72: The decision by federal authorities
Page 73 and 74: women’s underwear that had a logo
Page 75 and 76: schools do not need to be accredite
Page 77 and 78: EB-5 Visa Program U.S. Citizenship
Page 79 and 80: An additional review of the EB-5 pr
Page 81: that the information was confidenti
Page 85 and 86: about 85,000 dams, including sensit
Page 87 and 88: Accelerated, raising serious questi
Page 89 and 90: program. 401 The contracts are stru
Page 91 and 92: “significant deficiency” and hi
Page 93 and 94: participation. Audits of DHS’s in
Page 95 and 96: National Cybersecurity Protection S
Page 97 and 98: smuggling and money laundering, whi
Page 99 and 100: Conclusion Cyber attacks represent
Page 101 and 102: years, or in some cases even decade
Page 103 and 104: high-threat urban areas throughout
Page 105 and 106: $609,576. 473 Its application provi
Page 107 and 108: identified in their grant applicati
Page 109 and 110: performance. 496 The THIRA is a doc
Page 111 and 112: funding. The program ties FEMA, its
Page 113 and 114: counties near the Oklahoma-Texas bo
Page 115 and 116: drastically, and identified an esti
Page 117 and 118: increased costs and inefficiency in
Page 119 and 120: disasters that are over 10 years ol
Page 121 and 122: isks. 575 But shifting some of the
Page 123 and 124: Taxpayers have spent considerable r
Page 125 and 126: Other Key DHS Components, Directora
Page 127 and 128: missions and their relevance to the
Page 129 and 130: presidential directives. 609 The re
Page 131 and 132: securing the southern border raises
Page 133 and 134:
The Office of Health Affairs (OHA),
Page 135 and 136:
Department has struggled with other
Page 137 and 138:
million in R&D work that went unrep
Page 139 and 140:
appear to have a system in place to
Page 141 and 142:
The Construction of the NBAF Facili
Page 143 and 144:
In March 2014, John Roth was confir
Page 145 and 146:
cases back to components’ offices
Page 147 and 148:
waste, fraud, and abuse of grant fu
Page 149 and 150:
management oversight as key challen
Page 151 and 152:
Part II: Recommendations Based on h
Page 153 and 154:
Similarly, a majority of Senators v
Page 155 and 156:
with its work to oversee federal ci
Page 157 and 158:
homes to their place of work. 713 I
Page 159 and 160:
suggests that there is an opportuni
Page 161 and 162:
civil liberties. Moreover, the Depa
Page 163:
Conclusion The nation continues to
show all

010815as1

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?