Internet warfare: Are we focusing on the wrong things?

Lack of vision and leadership have left the U.S. woefully unprepared for a cyber catastrophe.

1 2 3 4 5 Page 2
Page 2 of 5

Implement strong leadership

If the national information security agenda seems like a ship adrift on the high seas, that's because there's no one at the helm, say security executives and analysts alike. Or at least no one who has been truly capable of enforcing the order needed to steer a steady course.

On paper at least, the DHS is responsible for overseeing information security across the federal government. But for most of its existence, the agency's leadership on information security issues has been conspicuous by its absence. Even where it has tried, its efforts have been less than successful.

A National Cyber Security Center (NCSC) that was set up within the DHS in January 2008 with the specific task of coordinating information security across the federal government has so far failed to get off the ground. In March, its first director, Rod Beckstrom quit the post after just a year on the job, citing a lack of support from within the DHS and turf wars with the National Security Agency (NSA).

Rod Beckstrom
Rod Beckstrom

At the time he quit, the NCSC had almost no funding for the effort, just two employees and two "detailees" from the NSA. "If you are going to run a major coordination effort, you got to have the resources to build that capability," he says, adding that "the financial constraints which have been placed upon the NCSC are simply ridiculous and leave the nation vulnerable to attack."

The NSA, which is in charge of the Comprehensive National Cybersecurity Initiative (CNCI), has been jostling for broader control of the federal information security agenda. But while almost everyone acknowledges that the NSA can bring the skills, the experience and the clout needed for the job, the prospect of a spy agency running the domestic cyberagenda is not sitting well with most.

Rather, the role of setting, overseeing and coordinating a national information security agenda needs to rest directly with the White House, according to the Center for Strategic and International Studies (CSIS) and others. The DHS and other federal agencies would then work with a new specially created White House Office of Cyberspace to roll out and manage security policy.

Unlike the DHS, "the White House has the authority to make agencies act,'" says Gregory Wilshusen, director of information security issues at the U.S. Government Accountability Office (GAO). Establishing White House responsibility will ensure that agencies and other stakeholders cooperate in marshaling the resources needed to implement a national cyberstrategy, he says.

Create a national strategy for defending cyberspace

Over the past few years, billions of dollars have been poured into cybersecurity across the federal government. The investments have yielded numerous scatter-shot efforts such as a smart card identity credential rollout across federal agencies, a governmentwide move to more-secure Internet protocols and the highly classified CNCI to boost the ability of government to detect and respond to threats and security vulnerabilities in near real-time.

The initiatives are expected to yield significant benefits down the road, but none of them is tied to any broader strategic goals or missions. One of the biggest current needs is for a comprehensive national security strategy that sets the agenda for how, where, when and why security investments such as these need to be made and who will be responsible for enforcing them. The strategy will need to spell out baseline standards for entities in critical infrastructure areas.

1 2 3 4 5 Page 2
Page 2 of 5
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon