There’s a lot going on in the federal government as far as information security is concerned, but so far there are a few happenings proving less than positive.
For starters, in March, Rod Beckstrom resigned from his post as director of the National Cybersecurity Center (NCSC), which was the primary agency tasked with leading information security efforts in the Department of Homeland Security (DHS). In his letter of resignation to Janet Napolitano, secretary of the DHS, he noted that NCSC didn’t receive the funding it needed during the Bush administration, which hamstrung its ability to fulfill its role to help protect the critical infrastructure across private and public sectors.
And it seems funding wasn’t the only problem, according to Beckstrom. There was a proposal being bandied about to bring the NCSC under the National Security Agency (NSA), which would allow the three-letter agency to have control over NCSC efforts. To Beckstrom, such a strategy to allow one senior agency to oversee all network security and monitoring would pummel the democratic process.
While Beckstrom recommended in his resignation letter that DHS appoint the deputy director, Mary Ellen Seale, as acting director of NCSC, as of our deadline for print no such announcement had been made.
Meantime, cybersecurity experts converged on Congress last month in the first of three hearings to mull over the good, bad and ugly of federal information security goals going forward. During the hearing before the U.S. House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology, industry experts discussed goals for the 60-day review of federal government cybersecurity initiatives ordered last month by President Obama. The review is underway and is being overseen by Melissa Hathaway, former senior adviser for cybersecurity at the Office of the Director of National Intelligence (DNI) under the Bush administration, who currently carries the title of acting director for cyberspace for both the National and Homeland Security councils.
Witnesses noted during the hearing that there are too many cybersecurity dangers that threaten both government and private infrastructures and too few people on Capitol Hill taking notice. Additionally, according to some, the federal cybersecurity mission needs improving and needs to involve private sector experts and leaders from the intelligence community to be well-rounded and effective. Research and development, funding and other areas need to get better, as well.
Now, President Obama did earmark some $300 million in next year’s budget to fund the DHS effort “to make private and public sector cyberinfrastructure more resilient and secure” and “support the base operations of the National Cyber Security Division, as well as initiatives under the Comprehensive National Cybersecurity Initiative (CNCI) to protect our information networks,” according to his initial budget proposal.
However, folks are still waiting with bated breath to see real action behind the words. Of course we’re only into our second quarter of the year and, no doubt, the results of the 60-day review will highlight some of the more granular needs and systemic problems facing the government when it comes to the long-discussed public/private partnership to better secure the country’s critical infrastructure. But, after so many years of inaction and empty talk when it comes to the necessary planning and leadership required to lead these efforts, time is of the essence.
A leader is needed, one who can be open, forthright and deft at working with private companies to protect critical systems and data. Obama has filled some technology-related posts already (the new CIO and CPO readily come to mind), which is a good thing. But, with Rod Beckstrom heading back to bask in the California sun and, no doubt, future private sector successes, the absence of a strong leader to head up information security efforts has become that much more obvious – such a dearth in talent has to be addressed, and soon.