We don't want to run U.S. cybersecurity efforts, NSA chief says

More

RSA Conference

• RSA chief calls for 'inventive collaboration' among security vendors
• Researcher wants hacker groups hounded mercilessly
• We don't want to run U.S. cybersecurity efforts solo, NSA chief says
• EMC, Symantec kick-off security barrage
• Mark Everett Hall: Vendors: We don't need no stinkin' patches!

More in Security Center

Computerworld - SAN FRANCISCO — The director of the National Security Agency (NSA) today downplayed widespread concerns about his agency's growing role in national cybersecurity affairs.

Speaking at the security-oriented RSA Conference 2009 being held here this week, Lt. Gen. Keith Alexander stressed that the NSA has no desire to run cybersecurity for the federal government. Instead, the NSA wants to team up with the U.S. Department of Homeland Security in developing and enforcing cyberdefenses for government and military networks.

"I think we need to dispel the rumor" about the NSA wanting to take control of the national cybersecurity agenda, Alexander said. "It's not NSA or the DHS. It is one team for the good of the nation. The DHS has a really tough job. We want to provide them with the technical support" needed to combat threats in cyberspace.

"That is the right partnership," Alexander said.

His comments appeared aimed at allaying concerns that the spy agency had begun exerting too much influence on the domestic cybersecurity agenda. Those concerns bubbled to the surface in early March when Rod Beckstrom, then director of the National Cybersecurity Center (NCSC) within the DHS announced that he was quitting his post after just a year on the job.

In a resignation letter to DHS Secretary Janet Napolitano, Beckstrom voiced concern over what he said were the NSA's attempts to wrest control of the NCSC from the DHS. The NCSC was set up in January 2008 to coordinate cybersecurity and oversee such efforts across the federal government, and Beckstrom was its first director.

In that letter, Beckstrom noted that the NSA effectively "dominates" most national cybersecurity efforts and had sought to move the offices of the NCSC and the National Protection and Programs Directorate to an NSA facility in Fort Meade, Md. Beckstrom warned that allowing the NSA to run national information security efforts was a "bad strategy" because the intelligence culture embodied by the NSA was at odds with the "network operations or security culture" needed to defend government networks against threats.

Beckstrom's sentiments were shared by others in the security industry and the federal government. Much of the opposition to allowing the NSA to take the lead on cybersecurity arose from concerns that that would do little to foster the broad collaboration needed to protect public- and private-sector networks against security threats. Many critics were worried about what they felt would be the mutually incompatible roles confronting the spy agency if it were given leadership of cybersecurity: covert activities and data collection versus the information sharing needed to build effective defenses against threats.