recommended reading

Tension mounts between agencies over cybersecurity oversight

An independent agency that reports directly to the White House should oversee federal cybersecurity efforts, said former government officials, a move that could relieve growing tension between the intelligence community and the Homeland Security Department over who leads such initiatives.

In a March 5 letter resigning as director of the National Cybersecurity Center, Rod Beckstrom expressed frustration over the growing influence of the National Security Agency's efforts, pointing to the agency's high levels of staffing and technology that support cyber initiatives and to the proposed move of two DHS organizations, the National Protection and Programs Directorate and the National Cybersecurity Center, to a Fort Meade, Md. NSA facility. The agency effectively controls DHS cyber initiatives and dominates most national efforts, which Beckstrom called "a bad strategy." The letter lists his last day as March 13.

Former DHS secretary Michael Chertoff established the National Cybersecurity Center in March 2008 to coordinate cyber efforts and to improve situational awareness and information sharing across federal agencies. The center was one of a dozen parts of the Comprehensive National Cybersecurity Initiative President Bush created.

"In order to make real progress, we've got to come up with a mechanism that's not buried within a single department or Cabinet office," said Dale Meyerrose, former chief information officer for the Office of the Director of National Intelligence. He currently serves as vice president and general manager of cyber and information assurance for the information technology consulting firm Harris Corp. "Cyberspace delivers value -- it's the underpinning of virtually everything in our society. The president needs to have an office that is directly accountable to him and responsible for the funding, operation, maintenance and protection of cyberspace." That office should make cybersecurity one component of a larger mission to fully leverage the Internet, he said.

"The [Obama] administration needs to create a cyber defense agency that has far reaching mission," said one former NSA official who asked to remain anonymous. "The agency needs the ability to set strong national policies that can be validated and enforced. And it has to be completely independent, where its only responsibility is cyber; neither DHS or NSA or any other agency can offer that focus."

Beckstrom, however, warned in his letter against a single entity overseeing all cyber initiatives, saying such a strategy would threaten democratic processes. Instead he advocated a cybersecurity model where "DHS interfaces with, but is not controlled by, the NSA." While that is supposed to be the current strategy, Beckstrom indicated NSA actually controls the majority of initiatives. The intelligence community is equipped to focus on counterterrorism tactics, Beckstrom said, while DHS can focus on coordinating civilian agencies and developing partnerships with the private sector.

"There's recognition on both sides that the intelligence community and DHS have different roles," said Gregory Garcia, who served as assistant secretary of cybersecurity and telecommunications at DHS during the Bush administration and now runs his own information security consulting firm, Garcia Strategies.

"DHS is primarily focused on defensive protection -- a role that requires a close, integrated relationship with the private sector," Garcia said. "That relationship is not one that the intelligence community should have, or can have; there are a number of privacy and political issues that prevent that." He argued for a coordinated interagency process, where each principal agency manages its own responsibilities. Forming a new agency, while "an enticing idea," Garcia said, would distract agencies from the momentum they've already built in addressing cybersecurity, and eat up too much time and resources.

Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, said an independent agency would solve many problems, but he also acknowledged the practical challenges associated with standing up an independent organization. As program manager of the Commission on Cybersecurity for the 44th Presidency, Lewis has recommended to Congress that the White House lead cyber efforts.

"I don't think it's a tug of war between NSA and DHS, mainly because I think DHS is out of the running," he said.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.