Tuesday, May 6, 2008

What's Up with the Secret Cybersecurity Plans, Senators Ask DHS

Go to Original
By Ryan Singel

Jilportraitclr_sm The government’s new cyber-security "Manhattan Project" is so secretive that a key Senate oversight panel has been reduced to writing a letter to beg for answers to the most basic questions, such as what’s going on, what’s the point and what about privacy laws.


The Senate Homeland Security committee wants to know, for example, what is the goal of Homeland Security’s new National Cyber Security Center. They also want to know why it is that in March, DHS announced that Silicon Valley evangelist and security novice Rod Beckstrom would direct the center, when up to that point DHS said the mere existence of the center was classified.


Those are just two sub-questions out of a list of 17 multi-part questions centrist Sens. Joe Lieberman (I-Connecticut) and Susan Collins (R-Maine) sent to DHS in a letter Friday.


In fact, although the two say they asked for a briefing five months ago on what the center does, DHS has yet to explain its latest acronym.



The panel, noted it was pleased with the new focus on cyber security, but questioned Homeland Security’s request to triple the center’s cyber-security budget to about $200 million.


They cited concerns about the secrecy around the project, its reliance on contractors for the operation of the center and lack of dialogue with private companies that specialize in internet security.


That center is just one small part of the government’s new found interest in computer security, a project dubbed the Comprehensive National Cybersecurity Initiative, which has been rumored to eventually get some $30 billion in funding.


Little is known about the initiative since it was created via a secret presidential order in January, though the Washington Post reports that portions of it may be made public soon.



We are also concerned that the lack of information about the CNCI being provided to the public, other agencies, and private entities that conduct business with the government might be creating confusion and concern about the initiative. Given the broad nature and goals of this initiative, agencies may be less likely to plan for their future information technology needs, fearing that systems they purchase might not comply with the initiative. Similarly, industry will be less likely to do business with the government given the uncertainty about future technical requirements. Additionally, the public, of course, must be reassured that efforts to secure cyber networks will be appropriately balanced with respect for privacy and civil liberties.


Why might citizens be worried about privacy and civil liberties? Consider that the whole initiative appears to have been launched after the Director of National Intelligence told the President Bush that a cyber attack might wreak as much economic havoc as 9/11 did.


Consider that the NSA, which currently protects classified networks, wants to expand into protecting all non-classified federal government networks. Consider that Congress is set to legalize the NSA’s monitoring rooms in the nation’s phone and internet infrastructure.


For its part, the FBI says it also needs access to the internet’s backbone, while the Air Force is hyping its own efforts at cyber defense and offense. Meanwhile, THREAT LEVEL’s sister blog Danger Room reports that DARPA is getting in on the hot cyber-action, with a project to make a fake internet to develop new cyber attacks and defenses.


It’s been said many times that if the government knew what the internet was going to become when it grew up, they would had never let it out of the lab.


Now it seems the only question is whether the government will be able to turn the net into a controllable, monitorable and trackable pre-internet AOL-type service or whether the chaotic net will live on as just another frontier for the military-industrial complex to start an arm’s race and rake in billions of government dollars.

No comments: