The Homeland Security Department official in charge of protecting the nation's physical and computer infrastructure is stepping down at the end of the month in the latest in a string of departures at the department's struggling cyber-security division.
The announcement by Robert P. Liscouski, the department's assistant secretary for infrastructure protection, comes as technology executives and experts increasingly say that the Bush administration is giving short shrift to computer security.
Attacks continue to proliferate and have become more sophisticated, whether they be viruses and phony solicitations aimed at home computer users or assaults on the networks of companies and other organizations.
This week, for example, George Mason University said hackers gained access to a database of names and Social Security numbers of the school's 32,000 students and employees.
Liscouski has been criticized inside and outside the department for impeding cyber-division initiatives that might give it a higher profile. Liscouski, who said he is resigning to become chief executive of Content Analyst Co. LLC, a Reston company that gleans intelligence from analyzing text, defended his record.
"I believe DHS has made tremendous first steps," he said.
Amit Yoran, who headed the agency's cyber-security division, resigned in October. Yoran did not criticize Liscouski publicly, but sources close to him said he was frustrated at his inability to make the agency more aggressive against cyber-security threats. The sources spoke on the condition of anonymity because they do not want to jeopardize relations with the department.
Yoran was the third person to quit the post in 18 months. Also leaving the department this month is Lawrence C. Hale, the cyber-security division's deputy director.
Lack of coordination
In July, the Homeland Security Department's inspector general found that the division's efforts suffered from a lack of coordination, poor communication and a failure to set priorities.
The division "must address these issues to reduce the risk that the critical infrastructure may fail due to cyber attacks," the report said. "The resulting widespread disruption of essential services after a cyber attack could delay the notification of emergency services, damage our economy and put public safety at risk."
Arthur W. Coviello Jr., chief executive of RSA Security Inc., said yesterday that Liscouski "did not focus enough on cyber-security during his tenure, and his resignation provides a window for the administration and the new secretary to get it right." President Bush yesterday nominated former Justice Department prosecutor Michael Chertoff to replace Homeland Security Secretary Tom Ridge, who announced his resignation last month.
F. William Conner, chief executive of Entrust Inc., another technology-security company, said that the nation lost valuable time during Liscouski's watch.
"The outside world is moving very fast, and we have not been able to keep ahead of the threats," Conner said.
Liscouski responded by referring to a number of cyber-security programs developed under his tenure.
'A solid foundation'
"The private sector has a responsibility for doing most of the things we laid out in the strategy, but what we've seen is a lot of people from industry who are saying the government has to do more but are unwilling to define what they themselves need to do," Liscouski said.
In a written statement, Ridge praised Liscouski for providing "a solid foundation for protecting our nation's critical infrastructure, and this department will benefit from his efforts for years to come."
William F. Pelgrin, director of cyber-security for the state of New York, credits Liscouski for working with state law enforcement to create a 49-state network to share information on physical and cyber-security threats.
Technology executives supported legislation that would have elevated the cyber-security division head to the level of assistant secretary.
Congress appeared ready to do that as part of the intelligence bill last month, but the provision was removed from the bill after lobbying by Liscouski and other administration officials.
Many experts and executives also supported giving the cyber-division authority over the national telecommunications infrastructure, which carries Internet traffic.
Before the Sept. 11, 2001, terrorist attacks, a cyber-security office was part of the White House. The decision to move it to the Homeland Security Department was regarded by many in the technology industry as downgrading cyber-security's importance by the Bush administration.
James A. Lewis, director of the technology and public policy program at the Center for Strategic and International Studies in Washington, said many people in the administration believed that before to the creation of the department there was an over-emphasis on computer security issues and not enough focus on protecting other parts of the nation's infrastructure.
"That's a legitimate policy debate to have, but unfortunately it was clouded by internal bureaucratic politics and turf fights," Lewis said.
Brian Krebs is a staff writer for washingtonpost.com.