Blog

Who Runs U.S. Grid Security?

An article in today’s Washington Post troubles me greatly. It outlines severe retention and moral problems at the Department of Homeland Security, the uber-agency created in the aftermath of the 9/11 horror. DHS – much like the Department of Energy in 1977 – was cobbled together in haste in 2002 from some 22 disparate agencies across the federal government, in an attempt to demonstrate that the U.S. was taking the threat of terrorism seriously.

Congress slammed together an agency that combined customs and immigration, emergency management, some domestic intelligence, the Coast Guard, animal and plant inspections, and a host of other, often incompatible and incongruous, functions. They had different cultures, procedures, and processes, which, apparently so far, have not been reconciled. On top of that, the new agency, incorporating conventional civil service personnel policy, has vastly underpaid its top talent.

Here’s a telling anecdote from the article: “In early 2010, the DHS hierarchy gathered to discuss a report the agency was preparing about its mission. A top official looked around the table and asked who felt they were in charge of the department’s counterterrorism role. Five people raised their hands, said a person who attended the meeting.” Who’s on first?

So far, according to the newspaper, the agency is a fumbling, stumbling, bumbling, cumbersome, ill-led bureaucratic behemoth. It’s not just the most visible Transportation Security Agency, the often incoherent and inept troops that the those of us who travel by air face repeatedly, shoes off and liquids (no more than three ounces each) stored in a separate plastic bag. It’s virtually every aspect of the DHS.

What gets me hyperventilating is the description of the DHS cybersecurity program. According to the Post, between June 2011 and March 2012, “four senior DHS cybersecurity officials quit and one retired — all headed to the private sector.” The newspaper article continued, “The departures came as the department battled the Pentagon and the National Security Agency over who should have responsibility for protecting critical private-sector networks and for responding to industry requests for assistance. DHS was pressing to enshrine its authority in law.” That law died in an unresponsive Congress.

The Post added, “The continuing stream of departures has at times hampered the department’s ability to combat cyberattacks aimed at civilian federal networks and to serve as the federal point of contact for critical industries, such as energy and transportation, and for state and local governments.”

And that brings me to what I perceive as the bigger point. Who is in charge of the security of the U.S. energy infrastructure, including the electric grid, and the network of natural gas and crude oil and refined product pipelines? Add the telecommunications and railroad network to that list. I can’t figure out who runs the show. Is it FERC (and NERC)? Is it DOE? Is it DHS? NIST? NRC? NTSB? Is it the White House (heaven forfend, to borrow from George Will’s lexicon)?

It beats the heck out of me, but it seems clear that it isn’t the Department of Homeland Security. Maybe this is something we should figure out?