A decade after the Department of Homeland Security was set up in response to the deadliest attack on U.S. soil, lawmakers and past administrators said Wednesday they see the agency's focus shifting to the nation's cyber security in the coming years.
But how that role is defined remains muddled by the department's unclear authority, about 15 unfilled leadership positions, limited oversight and tasks that are duplicative of other agencies.
At a Senate Homeland Security Committee hearing aptly held on the 12-year anniversary of the Sept. 11 terrorist attacks, lawmakers sought to begin a large-scale reassessment of DHS, now in its 10th year, that could require a congressional overhaul of the department. Much of the focus centered on how the agency can serve as a conduit between the CIA, FBI and National Security Agency and the private sector to prevent future cyber attacks.
But it's not clear if the department has the means — or the power — to address the growing concerns of a digital war.
"As far as cyber capabilities go, if the NSA has a Doberman, if the FBI has a German shepherd, then DHS has a Chihuahua," said Sen. Tom Carper, D-Del. "Nothing against Chihuahuas, but they need a bigger dog because this is a big fight."
Sen. Tom Coburn, R-Okla., warned, however, that the Homeland Security budget has already ballooned in recent years without oversight to ensure the money is well spent and isn't duplicating tasks of other agencies. That sentiment was echoed by past administrators.
"Your frustration with the growth of the department in terms of personnel and dollars is something that I share a little bit. More is not necessarily better," said Tom Ridge, former DHS secretary under President Bush.
But lawmakers, Ridge and other panelists agreed that cyber security remains the most compelling area for Homeland Security to focus resources. Ridge said a cyber attack "may end up being a cyber Katrina where we had notice, but we weren't as prepared as we should have been." And former assistant director of Homeland Security Stewart Baker said that "probably everybody on this panel, and certainly everybody on this committee, has been attacked."
Baker said the U.S. should punish cyber criminals to deter future problems and that DHS could work with private companies that face attacks daily from hackers to help gather information and locate criminals and foreign threats.
"If we experimented with giving the companies that are under attack more authority to investigate their attackers under the guidance and supervision of the government, we could make more cases and impose more sanctions on people who are attacking us," Baker said.