An independent agency that reports directly to the White House should oversee federal cybersecurity efforts, said former government officials, a move that could relieve growing tension between the intelligence community and the Homeland Security Department over who leads such initiatives.
In a March 5 letter resigning as director of the National Cybersecurity Center, Rod Beckstrom expressed frustration over the growing influence of the National Security Agency's efforts, pointing to the agency's high levels of staffing and technology that support cyber initiatives and to the proposed move of two DHS organizations, the National Protection and Programs Directorate and the National Cybersecurity Center, to a Fort Meade, Md. NSA facility. The agency effectively controls DHS cyber initiatives and dominates most national efforts, which Beckstrom called "a bad strategy." The letter lists his last day as March 13.
Former DHS secretary Michael Chertoff established the National Cybersecurity Center in March 2008 to coordinate cyber efforts and to improve situational awareness and information sharing across federal agencies. The center was one of a dozen parts of the Comprehensive National Cybersecurity Initiative President Bush created.
"In order to make real progress, we've got to come up with a mechanism that's not buried within a single department or Cabinet office," said Dale Meyerrose, former chief information officer for the Office of the Director of National Intelligence. He currently serves as vice president and general manager of cyber and information assurance for the information technology consulting firm Harris Corp. "Cyberspace delivers value -- it's the underpinning of virtually everything in our society. The president needs to have an office that is directly accountable to him and responsible for the funding, operation, maintenance and protection of cyberspace." That office should make cybersecurity one component of a larger mission to fully leverage the Internet, he said.
"The [Obama] administration needs to create a cyber defense agency that has far reaching mission," said one former NSA official who asked to remain anonymous. "The agency needs the ability to set strong national policies that can be validated and enforced. And it has to be completely independent, where its only responsibility is cyber; neither DHS or NSA or any other agency can offer that focus."
Beckstrom, however, warned in his letter against a single entity overseeing all cyber initiatives, saying such a strategy would threaten democratic processes. Instead he advocated a cybersecurity model where "DHS interfaces with, but is not controlled by, the NSA." While that is supposed to be the current strategy, Beckstrom indicated NSA actually controls the majority of initiatives. The intelligence community is equipped to focus on counterterrorism tactics, Beckstrom said, while DHS can focus on coordinating civilian agencies and developing partnerships with the private sector.
"There's recognition on both sides that the intelligence community and DHS have different roles," said Gregory Garcia, who served as assistant secretary of cybersecurity and telecommunications at DHS during the Bush administration and now runs his own information security consulting firm, Garcia Strategies.
"DHS is primarily focused on defensive protection -- a role that requires a close, integrated relationship with the private sector," Garcia said. "That relationship is not one that the intelligence community should have, or can have; there are a number of privacy and political issues that prevent that." He argued for a coordinated interagency process, where each principal agency manages its own responsibilities. Forming a new agency, while "an enticing idea," Garcia said, would distract agencies from the momentum they've already built in addressing cybersecurity, and eat up too much time and resources.
Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, said an independent agency would solve many problems, but he also acknowledged the practical challenges associated with standing up an independent organization. As program manager of the Commission on Cybersecurity for the 44th Presidency, Lewis has recommended to Congress that the White House lead cyber efforts.
"I don't think it's a tug of war between NSA and DHS, mainly because I think DHS is out of the running," he said.