The Bush administration has defended its tactics, with the president saying this month that the government’s counterterrorism efforts have subverted a number of plots since 9/11, including an anthrax attack and an airplane hijacking plan.

The NSA surveillance program “helps protect Americans,” Bush said in a speech Thursday. He called on Congress to derail court challenges to the NSA program by passing laws approving the program. “If an al-Qaida commander is calling the United States, we need to know why they’re calling,” he said.

In three other IT-related areas, progress has been slow.

Cybersecurity

IT security groups have called for greater U.S. government emphasis on cybersecurity. In July 2005, U.S. Department of Homeland Security (DHS) Secretary Michael Chertoff announced plans to create a high-level position, assistant secretary for cybersecurity, but that position remains unfilled, despite pressure from IT groups.

In addition, the DHS has never scored above an "F" in the federal government’s annual computer security assessment. Another agency that has consistently pulled in "F’s" is the U.S. Department of Veterans Affairs, which was roiled earlier this year following a massive data breach.

Part of the problem is that the government is simply not as interested as it should be in paying for online defense, according to Marcus Sachs, a former Bush administration adviser on Internet security.

"It’s kind of hard to convince the Congress to continue to fund cybersecurity efforts when the entire nation is shaking in its boots over chemical weapons and dirty bombs," said Sachs, who now works for SRI International, a research organization in Menlo Park, Calif. "We’ve not had any attributable cyberstuff that you could trace back to terrorism. ... It’s hard to make a case as to why we need to be worried about it."

Those kinds of attacks may still come, said O. Sami Saydjari, founder and president of Cyber Defense Agency, an IT security research and consulting firm in Wisconsin Rapids, Wis. Just one massive cyberattack would boost U.S. cyberdefense spending, but a major attack could cost U.S. businesses up to US$1 trillion, he said.

The technology to sufficiently harden U.S. cyberdefenses largely exists, but the government needs to create a program to improve the nation’s cybersecurity infrastructure, Saydjari said. “Waiting until we have these attacks is not the time to develop that program,” he added. “Every year, the [cyber] attacks are better.”

Communications interoperability for emergency agencies

Security experts, including the 9/11 Commission, have requested additional radio spectrum so that emergency response agencies can better communicate with each other. During the Sept. 11 attacks, some emergency responders found that their communication systems did not interoperate. More radio spectrum is on the way, but not until February 2009, the deadline Congress set for television stations to vacate the spectrum and move to all-digital broadcasts.