recommended reading

Tension mounts between agencies over cybersecurity oversight

An independent agency that reports directly to the White House should oversee federal cybersecurity efforts, said former government officials, a move that could relieve growing tension between the intelligence community and the Homeland Security Department over who leads such initiatives.

In a March 5 letter resigning as director of the National Cybersecurity Center, Rod Beckstrom expressed frustration over the growing influence of the National Security Agency's efforts, pointing to the agency's high levels of staffing and technology that support cyber initiatives and to the proposed move of two DHS organizations, the National Protection and Programs Directorate and the National Cybersecurity Center, to a Fort Meade, Md. NSA facility. The agency effectively controls DHS cyber initiatives and dominates most national efforts, which Beckstrom called "a bad strategy." The letter lists his last day as March 13.

Former DHS secretary Michael Chertoff established the National Cybersecurity Center in March 2008 to coordinate cyber efforts and to improve situational awareness and information sharing across federal agencies. The center was one of a dozen parts of the Comprehensive National Cybersecurity Initiative President Bush created.

"In order to make real progress, we've got to come up with a mechanism that's not buried within a single department or Cabinet office," said Dale Meyerrose, former chief information officer for the Office of the Director of National Intelligence. He currently serves as vice president and general manager of cyber and information assurance for the information technology consulting firm Harris Corp. "Cyberspace delivers value -- it's the underpinning of virtually everything in our society. The president needs to have an office that is directly accountable to him and responsible for the funding, operation, maintenance and protection of cyberspace." That office should make cybersecurity one component of a larger mission to fully leverage the Internet, he said.

"The [Obama] administration needs to create a cyber defense agency that has far reaching mission," said one former NSA official who asked to remain anonymous. "The agency needs the ability to set strong national policies that can be validated and enforced. And it has to be completely independent, where its only responsibility is cyber; neither DHS or NSA or any other agency can offer that focus."

Beckstrom, however, warned in his letter against a single entity overseeing all cyber initiatives, saying such a strategy would threaten democratic processes. Instead he advocated a cybersecurity model where "DHS interfaces with, but is not controlled by, the NSA." While that is supposed to be the current strategy, Beckstrom indicated NSA actually controls the majority of initiatives. The intelligence community is equipped to focus on counterterrorism tactics, Beckstrom said, while DHS can focus on coordinating civilian agencies and developing partnerships with the private sector.

"There's recognition on both sides that the intelligence community and DHS have different roles," said Gregory Garcia, who served as assistant secretary of cybersecurity and telecommunications at DHS during the Bush administration and now runs his own information security consulting firm, Garcia Strategies.

"DHS is primarily focused on defensive protection -- a role that requires a close, integrated relationship with the private sector," Garcia said. "That relationship is not one that the intelligence community should have, or can have; there are a number of privacy and political issues that prevent that." He argued for a coordinated interagency process, where each principal agency manages its own responsibilities. Forming a new agency, while "an enticing idea," Garcia said, would distract agencies from the momentum they've already built in addressing cybersecurity, and eat up too much time and resources.

Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, said an independent agency would solve many problems, but he also acknowledged the practical challenges associated with standing up an independent organization. As program manager of the Commission on Cybersecurity for the 44th Presidency, Lewis has recommended to Congress that the White House lead cyber efforts.

"I don't think it's a tug of war between NSA and DHS, mainly because I think DHS is out of the running," he said.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.