On Thursday, The director of the National Cybersecurity Center, Rod Beckstrom, suddenly resigned his position, citing the NSA and lack of funding as his top reasons.
Beckstrom, an entrepreneur and expert on management, never claimed to have the skills one would think was needed to head the division he did. However, his ideas and planning would have paid off, and did on some levels, until Washington routine got in the way. The lesson here is that politics and security do not mix.
In a letter dated Thursday March 5, 2009, Beckstrom told Michael Chertoff and Janet Napolitano that he would resign effective March 13. He recommended that Mary Ellen Seale be appointed acting director of the National Cybersecurity Center (NCSC). He reminded the two secretaries that the NCC is the “only national body created to fulfill your responsibility to protect networks across the civilian, military, and intelligence communities,” and that it “has the only national coordination authority on cybersecurity issues.” The NCC, the letter stated, is the group responsible for pulling together the composite operating picture and situational awareness on cybersecurity issues.
“The NCC is now prepared to build out this capability for you, but the NCSC did not receive appropriate support inside DHS during the last administration to fully realize this vital role. During the past year the NCSC received only five weeks of funding due to various roadblocks engineered within the department and by the Office of Management and Budget (OMB),” Beckstrom pointed out.
While it is strange to see the NCSC get only five weeks worth of funding, essentially killing their ability to perform, Beckstrom did list some notable accomplishments, thanks to a “tight team of three staff and two detailees.”
Such accomplishments include development of a working model for valuing networks and cybersecurity, which supports the development of more effective cyber policies. They also helped the Department of Defense develop a Web 2.0 cyber operations platform.
However, the lack of funding is not what bothers Beckstrom the most. In his letter he singled out the NSA, and the way they effectively control the DHS’s efforts through detailees, technology insertions, and to top it all off, “the proposed move of the NPPD and the NCSC to a Fort Meade NSA facility.”
“While acknowledging the critical importance of NSA to out intelligence efforts, I believe this is a bad strategy on multiple grounds,” Beckstrom wrote. “The intelligence culture is very different than a network operations or security structure. In addition, the threats to our democratic processes are significant if all top-level government network security and monitoring are handled by any one organization (either directly or indirectly).”
In February, Director of National Intelligence, Admiral Dennis Blair, told the House Intelligence Committee that the NSA should oversee the national cybersecurity efforts and not the DHS.
“We must recognize that cyber-defense is not a one-time fix; it requires a continual investment of hardware, software and cyber-defenses...the Department of Homeland Security is finding its footing in this area,” Blair said. “The National Security Agency has the greatest repository of cyber talent. With due respect to Congressman Hastings’ 24-year-old new hire [Melissa Hathaway], there are some wizards out there at Fort Meade who can do stuff.”
“I think that capability should be harnessed and built on as we’re trying to protect more than just our intelligence networks or our military networks as we expand to our federal networks and to our critical infrastructure networks. And the reason is that because of the offensive mission that they have, they’re the ones who know best about what’s coming back at us and it’s defenses against those sorts of things that we need to be able to build into wider and wider circles.”
Those statements, the lack of funding, and what almost appears to have been a token job placement, equal a serious waste of Beckstrom’s talent, thus leading to his resignation. The downside to the resignation is that it was written four days before the first hearing on the status of the national cybersecurity review ordered by President Obama.
The review will be completed by the end of April 2009.