Share
While the Obama administration adds the finishing touches to a 60-day review of federal cybersecurity policy, due at the end of April, a recent bill proposal in the Senate aims to preempt the creation of a Cybersecurity Advisor post within the Executive Office of the President.
Senators introduce bill calling for a National Cybersecurity Advisor (Img:Rob Crawley/Flickr)
The National Security Council and Homeland Security Council are expected to report the results of a 60-day review of national cybersecurity within the government by the end of this month.
The review itself will develop what will eventually become the framework expected to ensure U.S. cyber security is integrated, resourced, and coordinated with Congress and the private sector. While there have been several attempts in the past to move cyber security to a large scale, ego and politics have always prevented inter-agency cooperation.
One of the recommendations expected from the review is the creation of a Cyber Czar post within the administration to advise Obama on cybersecurity-related matters.
Melissa Hathaway, currently leading the review process, is one of the front runners for the Czar post. Shortly after taking the oath of office, Obama promised to appoint someone as the top cybersecurity advisor, as well as take measures to harden the nation’s infrastructure.
Senators John D. Rockefeller (D-WV) and Olympia Snowe (R-ME) introduced legislation on Wednesday that would address cybercrime, cyber espionage, and attacks on the United State’s infrastructure. In addition, the proposed legislation would establish the Office of the National Cybersecurity Advisor within the Executive Office of the President.
“The National Cybersecurity Advisor will lead this office and report directly to the President. The Advisor will serve as the lead official on all cyber matters, coordinating with the intelligence community, as well as the civilian agencies,” a joint statement said.
“America’s vulnerability to massive cyber crime, global cyber espionage, and cyber attacks has emerged as one of the most urgent national security problems facing our country today,” said Senator Snowe in a press release.
“Our failure to implement effective policies and procedures to protect critical infrastructure, prevent invasive intrusion and conduct an aggressive threat assessment has proven extremely consequential, putting the American information system at grave risk,” added Snowe.
“It is abundantly clear we must unite on all fronts to confront this monumental challenge, if we fail to take swift action, we, regrettably, risk a cyber-Katrina.”
Buzzwords aside, the idea of a bill linking government and private sector security initiatives is great, but the question is why now? Where is the value of proposing a position already expected to be created as a direct result of the current review?
At the end of the 60-day review, along with proposals to strengthen the security of both private and government infrastructure, someone is expected to be named the nations top security advisor. This bill would be better served if, after the review’s findings are known, no such post was recommended and no such advisor named.
There is a heated debate over who should control the government’s cybersecurity. The Department of Homeland Security (DHS) wants to maintain the control it has already, while the National Security Agency (NSA), says it can do a better job.
In February, the Director of National Intelligence, Admiral Dennis Blair, told the House Intelligence Committee that the NSA should oversee the national cybersecurity efforts and not the DHS.
“We must recognize that cyber-defense is not a one-time fix; it requires a continual investment of hardware, software and cyber-defenses...the Department of Homeland Security is finding its footing in this area,” Blair said. “The National Security Agency has the greatest repository of cyber talent. With due respect to Congressman Hastings’ 24-year-old new hire [Melissa Hathaway], there are some wizards out there at Fort Meade who can do stuff.”
Last month, partly because of those statements, Rod Beckstrom, director of the National Cybersecurity Center, resigned. In a letter dated Thursday March 05, 2009, Beckstrom told Michael Chertoff and Janet Napolitano that he would resign effective March 13.
In his letter, he singled out the NSA and the way it effectively control the DHS’s efforts through detailees, technology insertions, and, to top it all off, “the proposed move of the NPPD and the NCSC to a Fort Meade NSA facility.”
“While acknowledging the critical importance of NSA to out intelligence efforts, I believe this is a bad strategy on multiple grounds,” Beckstrom wrote. “The intelligence culture is very different than a network operations or security structure. In addition, the threats to our democratic processes are significant if all top-level government network security and monitoring are handled by any one organization (either directly or indirectly).”
Both Beckstrom and Blair made valid arguments. Security within the private sector is not even close to security on a government level. Some areas overlap, but they are different in almost every aspect with regard to standards, speed, transparency, and adoption. This stark difference is one of the reasons that the 60-day review was ordered to begin with.
There are a few weeks left until the review process is complete. Perhaps the newly proposed bill should wait until then before any further movement is made on it.
Want regular updates from The Tech Herald? Follow us on Twitter.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story