The NSA surveillance program “helps protect Americans,” Bush said in a speech Thursday. He called on Congress to derail court challenges to the NSA program by passing laws approving the program. “If an al Qaeda commander is calling the United States, we need to know why they’re calling,” he said.
In three other IT-related areas, progress has been slow.
IT security groups have called for greater U.S. government emphasis on cybersecurity. In July 2005, U.S. Department of Homeland Security (DHS) Secretary Michael Chertoff announced plans to create a high-level position, assistant secretary for cybersecurity, but that position remains unfilled, despite pressure from IT groups.
In addition, the DHS has never scored above an "F" in the federal government's annual computer security assessment. Another agency that has consistently pulled in "Fs" is the U.S. Department of Veterans Affairs, which was roiled earlier this year following a massive data breach.
Part of the problem is that the government is simply not as interested as it should be in paying for online defense, according to Marcus Sachs, a former Bush administration advisor on Internet security.
"It's kind of hard to convince the Congress to continue to fund cybersecurity efforts when the entire nation is shaking in its boots over chemical weapons and dirty bombs," said Sachs, who now works for SRI International, a research organization in Menlo Park, California. "We've not had any attributable cyberstuff that you could trace back to terrorism ... it's hard to make a case as to why we need to be worried about it."
Those kinds of attacks may still come, said O. Sami Saydjari, founder and president of Cyber Defense Agency LLC, an IT security research and consulting firm in Wisconsin Rapids, Wisconsin. Just one massive cyberattack would boost U.S. cyberdefense spending, but a major attack could cost U.S. businesses up to US$1 trillion, he said.
The technology to sufficiently harden U.S. cyberdefenses largely exists, but the government needs to create a program to improve the nation’s cybersecurity infrastructure, Saydjari said. “Waiting until we have these attacks is not the time to develop that program,” he added. “Every year, the [cyber] attacks are better.”
Communications interoperability for emergency response agencies
Security experts, including the 9/11 Commission, have requested additional radio spectrum so that emergency response agencies can better communicate with each other. During the Sept. 11 attacks, some emergency responders found that their communication systems did not interoperate. More radio spectrum is on the way, but not until February 2009, the deadline Congress set for television stations to vacate the spectrum and move to all digital broadcasts.
During a lengthy congressional debate over the digital TV transition, Senator John McCain, an Arizona Republican, tried to move up the transition date, arguing emergency responders need the spectrum as soon as possible. But congressional concerns over the timing of commercial auctions for part of the freed spectrum led to the later date. If the auctions were too soon, the spectrum might not sell for the $10 billion Congress has budgeted, opponents of an earlier deadline said.