Homeland Security Secretary Michael Chertoff said on Thursday that Defense Department and intelligence agencies working in a largely classified manner with the private sector should "take a hard look" at whether some of the work done in conjunction with the national cybersecurity initiative President Bush unveiled in January can be declassified.
"We need to get the American public engaged in this," Chertoff told participants at a cyber threat simulation staged by Booz Allen Hamilton and Business Executives for National Security. "We need to protect sources and methods, but sometimes we become so overprotective."
He noted the Internet has thrived through a culture of collaboration and cooperation rather than command and control, and the Obama administration will have to make public engagement over privacy protection a core component of its cybersecurity plan.
Government and business stakeholders should temper their enthusiasm so as not to be "uninvited guests" in the Web world, he added, warning that any backlash in that arena would dwarf the outcry over telecommunications providers' involvement in government wiretapping programs.
Chertoff predicted cyber threats will be a significant area of focus for Obama's national security team, and the government-business partnership formed in early 2008 is "beginning to work very well." Stakeholders have used existing coordinating councils in information technology and communications, financial services, and power generation to share strategies for identifying network vulnerabilities and combating attacks, while a cross-sector working group meets monthly, he said.
DHS has focused has been paid to threats in the chemical, IT and finance sectors, where there is the most concern about the collateral impact of an attack. "We've seen what a crisis of confidence can do to our financial system over the last six months, and that was essentially an accounting problem," he said.
During his remarks, Chertoff downplayed recommendations from a panel from the Center for Strategic and International Studies that cyber leadership for the new administration should reside in the White House and not within DHS. "I would be hesitant to see the White House get into the operational activity of the Internet for a variety of reasons -- some legal, some historical," he said.