Federal cybersecurity director quits, complains of NSA role

Eugen Leitl eugen at leitl.org
Tue Mar 10 07:22:38 PDT 2009


http://www.computerworld.com/action/article.do?command=printArticleBasic&taxonomyName=IT+in+Government&articleId=9129218&taxonomyId=69 


Federal cybersecurity director quits, complains of NSA role

Rod Beckstrom quit the post after less than a year

Jaikumar Vijayan
 

March 8, 2009 (Computerworld) In a move that highlights differences over who
should be in charge of national cybersecurity efforts, the director of a
federal office set up to protect civilian, military and intelligence networks
has submitted his resignation after less than a year in the job.

Rod Beckstrom, director of the National Cyber Security Center (NCSC), on
Friday said he is quitting because of concerns over what he said is the
National Security Agency's (NSA) domination of the nation's cybersecurity
efforts. The NCSC was set up within the U.S. Department of Homeland Security
(DHS) last year to oversee and coordinate efforts to shore up the nation's
defenses and responses to cyberthreats.

Beckstrom was appointed to lead the NCSC in March 2008 and was required to
report directly to then-DHS Secretary Michael Chertoff.

In a sharply worded letter to current DHS Secretary Janet Napolitano,
Beckstrom on Friday noted that the NSA effectively controlled DHS
cyberefforts "through detailees, technology insertions" and a proposed move
of the National Protection and Programs Directorate and the NCSC to an NSA
facility in Fort Meade. His letter, dated March 5, noted that allowing the
NSA to control national cybersecurity efforts is a "bad strategy on multiple
grounds."

Beckstrom also stressed his unwillingness to "subjugate the NCSC underneath
the NSA."

The intelligence culture embodied by the NSA is "very different than a
network operations or security culture," said Beckstrom in the letter, a copy
of which was obtained by Computerworld. Allowing a single agency such as the
NSA to handle all top-level government network security and monitoring
functions poses a significant threat to "our democratic processes," he said.
"Instead, we advocated a model where there is a credible civilian government
cybersecurity capability which interfaces with, but is not controlled by, the
NSA."

Beckstrom also lamented the lack of "appropriate" support for his office
within the DHS during the Bush administration. He noted that over the past
year, his office had received just five weeks' worth of funding because of
various roadblocks engineered within the DHS and the White House Office of
Management and Budget (OMB).

Beckstrom's resignation is sure to focus attention on a 60-day review of
national cybersecurity efforts now under way by Melissa Hathaway, a Bush
administration official, at the behest of President Barack Obama. Hathaway
has been working as a cybercoordination executive for the Office of the
Director of National Intelligence Comprehensive National Cyber Security
Initiative, or CNCI.

The CNCI is a highly classified multibillion dollar cybersecurity initiative
approved by then-President George W. Bush early last year. Hathaway has been
in charge of coordinating and monitoring the CNCI's implementation and was
recently asked by Obama to do a complete review of CNCI and other
governmentwide cybersecurity initiatives.

Beckstrom's resignation is likely to force Hathaway to address the issue of
who should run the government's overall national cybersecurity efforts. Even
before Beckstrom's announcement, questions had arisen about the idea of
letting the NSA taking the lead on cybersecurity issues. At a congressional
hearing as far back as February 2008, lawmakers had expressed concern about
the NSA's role in the CNCI, especially because of the classified nature of
the initiative.

In December, a panel of security experts from the Center for Strategic and
International Studies delivered a set of cybersecurity recommendations for
the Obama administration explicitly calling on the White House to take
overall charge of cyberinitiatives, not the NSA.





More information about the cypherpunks-legacy mailing list