Government Cybersecurity in Disarray
Coordinating the plethora of government groups that handle security is easier said than done.
Corralling the multitude of federal agencies overseeing national cybersecurity is no easy feat. Trying to determine the appropriate roles for the FBI, Departments of Justice and Homeland Security, National Security Agency and others can quickly devolve into a muddled bowl of alphabet soup.
To try to make sense out of that hash, the Subcommittee on Emerging Threats, Cybersecurity, Science and Technology held the first of three hearings it plans this month to review the federal cybersecurity mission. The next, scheduled for March 24, will examine the threats to the nation's electrical system as an Internet-enabled smart grid begins to materialize.
Today's hearing also comes just days after the resignation of Rod Beckstrom, who had been heading the National Cyber Security Center at the Department of Homeland Security. Beckstrom complained that too much of the federal cybersecurity efforts are housed in the National Security Agency, a highly secretive intelligence agency administered by the Defense Department.
The witnesses at today's hearing echoed Beckstrom's concern that the unique culture of the NSA is not conducive to fighting cyber threats the way that companies in the private sector are accustomed.
"There is a clear and distinct conflict of interest between intelligence objectives and those of system operators," said Amit Yoran, chairman and CEO of NetWitness, and a former head of cybersecurity operations at DHS. "Simply put, the intelligence community has always and will always prioritize [intelligence operations] over the defenses and protection of our nation's digital systems."
Don't consolidate cyber defenses
Yoran agreed with Beckstrom and the other witnesses that the NSA has the deepest talent pool of cybesecurity experts, but warned against the continued consolidation of the nation's cyber defenses in the hands of the secretive agency.
"It is in grave peril if this effort is dominated by the intelligence community," he said.
The panelists also stressed the importance of government partnering with private industry to combat cyber threats, a collaboration that can break down in an intensely classified environment with burdensome regulations.
Several of the witnesses and lawmakers called for a strengthening of DHS' role in cybersecurity. That agency has suffered from a reduced budget and a declining stature since George W. Bush enacted his Cyber Initiative in January 2008.
Obama has pledged to create a new position of a federal cyber advisor, who would report to him and coordinate among the various agencies involved in cybersecurity.
Critics of the government's lackluster response to cyber threats in the past -- including some who appeared at today's hearing -- have argued that for cybersecurity to become a top priority in a crowded national security agenda, the effort needs a leader in the White House with the president's ear.
Scott Charney, Microsoft's vice president for trustworthy computing, told the lawmakers that DHS is best suited to playing a coordinating role in various agencies' operations, but that the ultimate responsibility for a national cybersecurity strategy should be placed at the highest level.
"It has to determine very difficult questions like when is a cyber attack an act of war, and what is your proportional response? Those kinds of key decisions have to be done at the White House level," Charney said.
This article was first published on InternetNews.com.