Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[ISN] DHS responds to criticism of database on vulnerable infrastructure
From: InfoSec News (alertsinfosecnews.org)
Date: Thu Jul 20 2006 - 00:30:25 CDT
By Chris Strohm
July 19, 2006
A top Homeland Security Department official lashed out in frustration
Tuesday at critics who say the department is failing to make good
judgments when it comes to risks and threats facing the country.
The department has come under heavy criticism recently -- and become the
butt of jokes by late-night comedians -- due to its decision in May to cut
urban antiterror funding to major metropolitan areas and an inspector
general's report last week that found a national database of vulnerable
targets rife with locations that pose no security risk.
The IG cited more than 32,000 assets out of about 72,000 in the database
that "are not nationally significant," including a Mule Day Parade in
Columbia, Tenn.; an Old MacDonald's Petting Zoo in Woodville, Ala.; an
Amish popcorn factory in Berne, Ind.; a bean festival in Mountain View,
Ark.; and the Kangaroo Conservation Center in Dawsonville, Ga.
Robert Stephan, the department's assistant secretary for infrastructure
protection, told reporters that the inspector general "ignored" the facts
and came to conclusions that are "fundamentally false."
"This is just a ridiculous thing that happened," he said.
Stephan, speaking at an event billed as a briefing on a recently released
National Infrastructure Protection Plan, defended the asset database the
plan relied on, but acknowledged that the department now faces a serious
public perception problem.
Senate Democrats scolded the department last week by including a provision
in the fiscal 2007 Homeland Security appropriations bill that requires it
to comply with the inspector general's recommendations for overhauling the
The amendment, offered by Sen. Barbara Boxer, D-Calif., would prohibit the
department from spending preparedness funds on administrative and
management employee travel until the recommendations are implemented or
officials explain to Congress why they were not.
"The Inspector General's report outlines a case of gross mismanagement
within the Department of Homeland Security," Boxer said. "There is no
excuse for including sites facing no significant threat at a time when the
Department of Homeland Security is downgrading its risk assessment for San
Diego, Sacramento and other high-risk locations."
Attempting to set the record straight, Stephan said neither he nor key
members of his management team were interviewed for the IG's report. He
said low-level members of his staff were initially interviewed, but none
of their input showed up in the report.
"The lower level provided feedback that was ignored by the IG," he said,
adding that the inspector general never came back for additional
Stephan did acknowledge that the database contains locations and assets
that are not at risk, but he said that information is raw data provided by
state and local governments.
He asserted the department does not include no-risk assets in making
decisions about priorities or how to spend money and distribute grants.
"No single raw data point . . . has any relevance to anything," he said.
He said those decisions are made after evaluating targets based on threat,
vulnerability and the consequence of an attack.
Stephan added that the department's National Infrastructure Protection
Plan identifies critical infrastructure for 17 sectors, and how the
federal government will work with state and local governments and the
private sector to protect those assets.
"We now have a playbook, commonly agreed to in an organized manner," he
said. "This is a way out of the wilderness."
The private sector, however, is not required to comply with the plan.
2006 by National Journal Group Inc. All rights reserved.
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.