Modernizing Authentication — What It Takes to Transform Secure Access
U.S. government military and civilian authorities have taken a significant step toward streamlining the federal response to the mounting cyber threats menacing the nation's digital systems, announcing a formal partnership to pool resources between the Departments of Defense and Homeland Security.
In a joint memorandum (available here in PDF format) to take immediate effect, the two departments on Wednesday outlined a new framework that will provide for an exchange of cybersecurity experts and the sharing of equipment and facilities, while retaining each agency's distinctive civilian and military missions.
"This structure is designed to put the full weight of our combined capabilities and expertise behind every action taken to protect our vital cybernetworks, without altering the authorities or oversight of our separate, but complementary, missions," Defense Secretary Robert Gates and DHS Secretary Janet Napolitano said in a joint statement.
The civilian and military divide has been a central fault line in the simmering debate over how to accomplish federal cybersecurity reform. Senate Republicans, most notably Arizona's John McCain, have objected to reform legislation that would vest DHS with the lead authority in securing civilian government systems, arguing that the Defense Department is better equipped to handle that task.https://l1.cdn.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The departments are billing their new partnership as an outgrowth of the cybersecurity reform agenda President Obama released last May, calling for, among other things, more effective coordination across the various agencies and departments, as well as the private sector, research organizations and other groups. Government officials and outside experts often note that federal cybersecurity efforts have been slowed by interagency turf wars and insufficient communication among the various stakeholders.
The joint memo stipulates that DoD will embed cybersecurity experts within Homeland Security's National Cybersecurity and Communications Integration Center. Likewise, DHS will send a senior leader to the National Security Agency, which is collocated with the DoD's recently formed Cyber Command, with both operations headed by Gen. Keith Alexander.
Additionally, DHS will send a cadre of support personnel to NSA, including legal, privacy and civil liberties experts. Just as critics have argued that DHS is too inefficient and lacking in technical expertise to take the lead in securing critical digital infrastructure, privacy advocates have raised concerns about housing too much of the responsibility at NSA, an agency noted for its secrecy and tainted, in the eyes of some, for its role in coordinating the warrantless domestic wiretapping program initiated during the Bush administration.
In testimony in various congressional proceedings and other public appearances dating back to his Senate confirmation hearing, Alexander has made it a point to emphasize his commitment to protecting civil liberties amid the ongoing work of NSA and Cyber Command to combat and preempt digital threats.
Follow eSecurityPlanet on Twitter @eSecurityP.