Cybersecurity Review: A Preview

The government top cybersecurity official offered a preview today of the government's plan to dramatically restructure how it handles the Internet and security.  Speaking to a top conference of security technogeeks in California, acting NSC senior director Melissa Hathaway said she could only only offer a "trailer" of the results of her review -- something the tech-savvy, Trek-hungry audience must have appreciated. Sorry about the Trek jokes, guys. I'm excited too. Anyway: read the speech here: Melissa Hathaway Speech at RSA.doc 

Hathaway called cybersecurity "a fundamental responsibility of our government" that "transcends the  jurisdictional purview of individual departments and agencies because, although each agency has a unique contribution to make, no single agency has a broad enough perspective to match the sweep of the challenges."   It requires "leading from the top" -- which I take to mean a director of cybersecurity who has wide authority -- and dialog with businesses and the American people.  Government must work with businesses and with other countries, she said, to secure cyberspace. But the federal government  "has the responsibility to protect and defend the country, and all levels of government have the responsibility to ensure the safety and well-being of citizens." She noted: " The private sector, however, designs, builds, owns, and operates most of the digital infrastructures that government and private sector use in concert.  The public and private sector's interests are intertwined with a shared responsibility for ensuring a secure, reliable infrastructure upon which businesses and government services depend." Partnership!

The White House is mum on the structure of its new cybersecurity establishment. They've endorsed the concepts outlined in legislation sponsored by Sens. Rockefeller and Collins: a strong cybersecurity director who could shut down even private computer networks in extreme cases; a large role for the Department of Homeland Security in designing and implementing the non-military cybersecurity programs and a subordinate role for the National Security Agency. The Director of National Intelligence, Dennis Blair, has said he thinks the NSA should be the lead cybercop; the NSA's director, Keith Alexander, disagrees. At least publicly.  In the meantime, the Department of Defense is busy working on a new cybercommand to deal with growing threats to DoD servers and programs.