Federal cybersecurity director quits, complains of NSA role
Rod Beckstrom quit the post after less than a year
Computerworld - In a move that highlights differences over who should be in charge of national cybersecurity efforts, the director of a federal office set up to protect civilian, military and intelligence networks has submitted his resignation after less than a year in the job.
Rod Beckstrom, director of the National Cyber Security Center (NCSC), on Friday said he is quitting because of concerns over what he said is the National Security Agency's (NSA) domination of the nation's cybersecurity efforts. The NCSC was set up within the U.S. Department of Homeland Security (DHS) last year to oversee and coordinate efforts to shore up the nation's defenses and responses to cyberthreats.
Beckstrom was appointed to lead the NCSC in March 2008 and was required to report directly to then-DHS Secretary Michael Chertoff.
In a sharply worded letter to current DHS Secretary Janet Napolitano, Beckstrom on Friday noted that the NSA effectively controlled DHS cyberefforts "through detailees, technology insertions" and a proposed move of the National Protection and Programs Directorate and the NCSC to an NSA facility in Fort Meade. His letter, dated March 5, noted that allowing the NSA to control national cybersecurity efforts is a "bad strategy on multiple grounds."
Beckstrom also stressed his unwillingness to "subjugate the NCSC underneath the NSA."
The intelligence culture embodied by the NSA is "very different than a network operations or security culture," said Beckstrom in the letter, a copy of which was obtained by Computerworld. Allowing a single agency such as the NSA to handle all top-level government network security and monitoring functions poses a significant threat to "our democratic processes," he said. "Instead, we advocated a model where there is a credible civilian government cybersecurity capability which interfaces with, but is not controlled by, the NSA."
Beckstrom also lamented the lack of "appropriate" support for his office within the DHS during the Bush administration. He noted that over the past year, his office had received just five weeks' worth of funding because of various roadblocks engineered within the DHS and the White House Office of Management and Budget (OMB).
Beckstrom's resignation is sure to focus attention on a 60-day review of national cybersecurity efforts now under way by Melissa Hathaway, a Bush administration official, at the behest of President Barack Obama. Hathaway has been working as a cybercoordination executive for the Office of the Director of National Intelligence Comprehensive National Cyber Security Initiative, or CNCI.
The CNCI is a highly classified multibillion dollar cybersecurity initiative approved by then-President George W. Bush early last year. Hathaway has been in charge of coordinating and monitoring the CNCI's implementation and was recently asked by Obama to do a complete review of CNCI and other governmentwide cybersecurity initiatives.
Beckstrom's resignation is likely to force Hathaway to address the issue of who should run the government's overall national cybersecurity efforts. Even before Beckstrom's announcement, questions had arisen about the idea of letting the NSA taking the lead on cybersecurity issues. At a congressional hearing as far back as February 2008, lawmakers had expressed concern about the NSA's role in the CNCI, especially because of the classified nature of the initiative.
In December, a panel of security experts from the Center for Strategic and International Studies delivered a set of cybersecurity recommendations for the Obama administration explicitly calling on the White House to take overall charge of cyberinitiatives, not the NSA.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts