I'm relatively new to the cyber security problem -- and it is a problem, even though the United States government was calm enough to spend only $5 million [not a typo!] on Internet infrastructure in 2008, and I'm still trying to ask the right questions.
Acronymed government agencies want control over the terrain, and their client contractors are waging PR wars on their behalf. It's a sight to behold.
But the real debate -- or, rather, the key to at least getting the questions right -- might be found in the nature of the Net itself.
Rob Beckstrom is the former chief U.S. cyber security official who resigned in March because, he said, the National Security Agency was muscling into his operation too aggressively, and that the culture of intelligence differs profoundly from the culture need to build and operate a cyber security infrastructure.
Via e-mail, he sent some thoughts about what the U.S. government must do -- and by implication -- what it should not do.
"'Who's in charge' has been a topic of political debate in DC since Dick Clarke first raised the cybersecurity issue in the late 1990's," he said via e-mail. "No matter how and where the boxes are drawn, let's get to work on re-architecting and evolving the Internet for the benefit of all."
Though Beckstrom didn't quite say this, I think he is worried that if the NSA -- by mission a parochial, defensive intelligence organization -- comes to dominate the thinking on cyber security, it will fail to cooperate meaningfully with international institutions.
"International collaboration is the key to developing, standardizing and implementing these critical new upgrades. America cannot do it alone. No amount of re-organizing the boxes in Washington is going to solve the cybersecurity problem. We need to make the internet itself more secure, and we need to invest in program areas that work."
And Beckstrom wants these upgrades to be largely open source, available to the public community of programmers and thinkers. It's safe to say that any cyber security program defined as a counter-intelligence / counter-terrorism / counter-espionage effort would be wrapped up in all sorts of classified ropes.
How does cyber security intersect with politics? The money spent on lobbying, for one thing. But publicly, it hasn't really, yet, outside of the trade journals and some blogs. It's important for people who care about the future of the Internet to brief themselves about the scope of these issues and the debates now; the Obama administration might act quickly, and its decisions -- and where it and Congress decide to put the money -- will resonate in ways we haven't conceived of.