DHS and cybersecurity: Yes, no, maybe so?

The Department of Homeland Security (DHS) has had a stained reputation almost from the start, and especially since its dismal performance in the wake of Hurricane Katrina. With a new administration coming in January, a lot of smart people are scrutinizing the agency and trying to carve out the way forward.

Read a story about a plan to use RFID in border control draws fire.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The Department of Homeland Security (DHS) has had a stained reputation almost from the start, and especially since its dismal performance in the wake of Hurricane Katrina. With a new administration coming in January, a lot of smart people are scrutinizing the agency and trying to carve out the way forward.

Read a story about a plan to use RFID in border control draws fire.

Among the nagging questions is whether or not DHS should continue to oversee the government's cybersecurity efforts. I'm having trouble forming an opinion.

There's no question DHS is a troubled agency and it's doing not nearly enough to prepare for a potential Cyber 9-11. But I'm skeptical of the idea that Washington will do better by simply moving the responsibility to another part of the government.

Last week, a group of outside experts recommended cybersecurity be moved from DHS -- which "isn't equipped to protect the federal government against cyberattacks" -- to an office within the Obama White House. Many members of the Commission on Cyber Security for the 44th Presidency "felt that leaving any cyber function at DHS would doom that function to failure," according to its recently released 96-page report.

The commission also wants new government regulations to protect computer networks in the United States. Such regulations would call for readjusting government efforts to defend its own infrastructure, but regulations for private industry are also needed, the report said.

It would be easy to agree straight away that cybersecurity could be better handled from within the White House. But it's not necessarily fair to take it out of DHS's hands right now.

For starters, DHS is still a young agency. Clearly too many smaller agencies were crammed into its belly and there's no trace of efficiency in Michael Chertoff's sprawling house. That doesn't mean the problem can't be fixed or at least improved by a change in leadership. [Note: President-Elect Obama has nominated Arizona Gov. Janet Napolitano to succeed Chertoff.]

It's also far from certain the government could do a better job by running cybersecurity efforts from the White House.

I went to Facebook, LinkedIn and Twitter -- my social networking sites of choice -- soliciting opinions on this and, not surprisingly, my unscientific poll showed a split down the middle.

Here's a former colleague and one of my trusted security sources arguing for DHS getting another chance:

The former colleague, via Facebook: "If there are failures or weaknesses there, they should be addressed just like a faulty radar system or poorly designed sub. Ineptitude by any governmental body entrusted with protecting key infrastructure shouldn't be grounds for moving the responsibility to a private agency. Reform the agency, inject resources and leadership."

My security source, via Twitter, pointed out that despite DHS' shortcomings, the agency's cybersecurity people are doing some "super cool" stuff. She wasn't at liberty to explain what those cool things are.