0
nerdgirl

Should the NSA or DHS have authority over domestic cybersecurity?

By nerdgirl, in Speakers Corner

Recommended Posts

nerdgirl    0

nerdgirl
Last week the director of the National Cybersecurity Center resigned citing interference from the NSA.

In his resignation letter, Mr. Beckstrom, a former Silicon Valley entrepreneur, asserted that the “NSA effectively controls DHS cyber [security] efforts … during the past year the NCSC received only 5 weeks of funding …” and cited cultural differences between the civilian-controlled and civilian-network-oriented

In the WSJ article (first link above), it was noted that “Some Homeland Security officials said Mr. Beckstrom’s criticism stemmed from personality clashes and an inability to adapt to the way business is done in Washington.”

National Security Presidential Directive 54/Homeland Security Presidential Directive 23, signed by President Bush in Janaury 2008, designated the DHS as lead agency for domestic cybersecurity and interagency coordination of cybersecurity.

The NSA/CSS is a Title 50 agency (i.e., it’s part of the intelligence community) with the “core missions to protect U.S. national security systems and to produce foreign signals intelligence information.” By law, the NSA is supposed to limit its surveillance to foreign nationals and non-domestic signals (there have been some recent exceptions to this).

So what do you think: should civilian cybersecurity, which extends to the networks used by the private sector, be led by DHS, NSA, or something else?

/Marg

Act as if everything you do matters, while laughing at yourself for thinking anything you do matters.
Tibetan Buddhist saying

Share this post

Link to post
Share on other sites

Gawain    0

Gawain
I voted "something else". I believe the telcos and other companies associated with Tier 1 networks (AT&T, Verizon, NTT, L3, Global Crossing, etc) are better equipped and have a vested interest in doing so. It's also a broader asset base and does not centralize things. That is a benefit for security in my mind, no single target.
So I try and I scream and I beg and I sigh
Just to prove I'm alive, and it's alright
'Cause tonight there's a way I'll make light of my treacherous life
Make light!

Share this post

Link to post
Share on other sites

nerdgirl    0

nerdgirl
As no clear resolution was able to be reached between DHS and NSA, Congress is stepping in to elevate responsibility/authority over domestic cybersecurity to a cabinet level, 'cyber-czar.'

Senators Jay Rockefeller (D-WV) and Olympia Snowe (R-ME) are crafting new legislation to move authority to the White House, require NIST standards for both government and private sector (critical infrastructure), establish licensing for cybersecurity professionals (something like professional engineers), explore deterrence (now that's a 'fun' one, imo), and other options.

/Marg

Act as if everything you do matters, while laughing at yourself for thinking anything you do matters.
Tibetan Buddhist saying

Share this post

Link to post
Share on other sites

champu    1

champu
By definition, the reach of NSA's authority can vary as wildly as what one considers to be matters of "national security."

Developing standards of protection and means to implement those standards for military and government systems? That's pretty clear cut. Protecting vital infrastructure systems like public safety, power production, and power distribution. I could probably be talked into standing behind that. Internet service providers? Financial institutions? ehh... you're losing me.

I think standards development is the way to go, and while it probably wouldn't be a bad idea to consult NSA along the way, I wouldn't have them run the show. They've got enough to worry about.

Share this post

Link to post
Share on other sites

kelpdiver    2

kelpdiver
Quote


As no clear resolution was able to be reached between DHS and NSA, Congress is stepping in to elevate responsibility/authority over domestic cybersecurity to a cabinet level, 'cyber-czar.'



Since the existing ones are going to overstep their bounds anyway, I'd just as soon leave it with one of them, rather than create yet another nosy bureaucracy to hassle everyone with an open WAP.

Share this post

Link to post
Share on other sites

Gawain    0

Gawain
Quote


As no clear resolution was able to be reached between DHS and NSA, Congress is stepping in to elevate responsibility/authority over domestic cybersecurity to a cabinet level, 'cyber-czar.'

Senators Jay Rockefeller (D-WV) and Olympia Snowe (R-ME) are crafting new legislation to move authority to the White House, require NIST standards for both government and private sector (critical infrastructure), establish licensing for cybersecurity professionals (something like professional engineers), explore deterrence (now that's a 'fun' one, imo), and other options.

/Marg



This, I would say, is a move in the wrong direction.

Any move. Any move by Congress, on any issue at this point, is a wrong move.

Thanks for the heads-up, I have another issue to discuss with my Senators and Congressman.
So I try and I scream and I beg and I sigh
Just to prove I'm alive, and it's alright
'Cause tonight there's a way I'll make light of my treacherous life
Make light!

Share this post

Link to post
Share on other sites

nerdgirl    0

nerdgirl
From real-world experience, that Congress is injecting itself and proposing a new public law is an indicator (usually) suggesting that things are highly problematic to FUBAR w/in the Executive Branch w/r/t the specific issue.

Having an executive resign in the way it was done and with the reasoning given speaks to level of dysfunction and likely ‘rice bowl’ issues. The Executive Branch rarely, very-very-very-very-almost-never-ever rarely, wants Congress to do that kind of thing (regardless of political party).

/Marg

Act as if everything you do matters, while laughing at yourself for thinking anything you do matters.
Tibetan Buddhist saying

Share this post

Link to post
Share on other sites

nerdgirl    0

nerdgirl
Quote

Quote


As no clear resolution was able to be reached between DHS and NSA, Congress is stepping in to elevate responsibility/authority over domestic cybersecurity to a cabinet level, 'cyber-czar.'



Since the existing ones are going to overstep their bounds anyway, I'd just as soon leave it with one of them, rather than create yet another nosy bureaucracy to hassle everyone with an open WAP.



And to add to the agencies in play: Gen Chilton, head of DoD’s Strategic Command (STRATCOM) testified to the HASC last week (p. 11 starts prepared testimony on cyber threats and preparedness):

“Cyberspace is a national challenge, further complicated, in many cases, by the physical location of the servers and constructs (organizational & administrative) developed for physical domains. All networks, regardless of their location, are at risk. Whether a network domain ends in .com, .edu, .org, .gov, or .mil makes no difference, as cyberspace intrusions can rapidly cross between military and civilian networks. Cyber threats demand new approaches to managing information, securing information systems, and ensuring our ability to operate through an attack.”

/Marg

Act as if everything you do matters, while laughing at yourself for thinking anything you do matters.
Tibetan Buddhist saying

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
0
Go To Topic Listing