Beckstrom's resignation lifts lid on opposition to NSA's cybersecurity role
Critics say spy agency shouldn't be allowed to take charge of federal cybersecurity efforts — but DHS also hit for lack of leadership
Computerworld - Last Friday's disclosure that Rod Beckstrom is resigning from his position as one of the federal government's top cybersecurity executives has exposed widespread — though not universal — opposition to the National Security Agency's expanding role in domestic cybersecurity issues.
Many interested parties, including some federal lawmakers, are supporting Beckstrom's contention that allowing an intelligence agency such as the NSA to lead the government's cybersecurity efforts is a bad idea that will do little to foster the broad collaboration needed to protect public and private-sector networks against security threats.
Beckstrom, who currently is director of the National Cyber Security Center, said in a sharply worded letter to Janet Napolitano, secretary of the Department of Homeland Security, that he was resigning effective this Friday — less than a year after being appointed to the job at the NCSC. In the letter, he cited concerns about what he described as the NSA's growing domination of national cybersecurity initiatives as the main reason for his decision to quit.
The NCSC was set up within the DHS last year to oversee and coordinate the government's security defenses and responses to cyberthreats. But Beckstrom claimed in his resignation letter that the NSA was effectively running those efforts and is trying to wrest further control away from the DHS by proposing that the offices of both the NCSC and the National Protection and Programs Directorate, another DHS unit, be moved to the intelligence agency's headquarters at Fort George G. Meade in Maryland.
Letting an intelligence agency play the lead role on cybersecurity issues would be "bad strategy on multiple grounds," Beckstrom contended. He wrote that the intelligence culture embodied by the NSA is "very different than a network operations or security culture," and called for "a credible civilian government cybersecurity capability" in which the NSA would have a role, but not a controlling one.
Similar sentiments were voiced at a hearing on cybersecurity matters held yesterday by a subcommittee of the U.S. House Committee on Homeland Security. For instance, Rep. Bennie Thompson (D-Miss.), the committee's chairman, pointed to Beckstrom's resignation and said it was the result of inefficient leadership, an unclear organizational structure and poorly designed roles and responsibilities within the federal government.
The best way to handle the cybersecurity problem isn't to give more control to the NSA, but instead to rely for leadership on a civilian agency "that interfaces with but is not controlled by NSA," Thompson said. However, he didn't specify which agency he thought should be placed in charge of the government's efforts.
Scott Charney, vice president of Microsoft Corp.'s Trustworthy Computing initiative and one of the witnesses who testified at the hearing, said that letting the NSA take the lead would erode public trust in the effort to protect systems from attackers. There's no question that the NSA has the most technical expertise on cybersecurity of any government agency, Charney acknowledged. But, he said, if government officials want to convince people that the cybersecurity work is "being done in a transparent fashion, the mission cannot rest with the NSA."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts