Sometimes I wonder whether or not the US administration is serious about the problem of cyber crime or if it is all political lip service in an attempt to acquire more power and funding.
I like reading the Jason Bourne novels, The Bourne <noun> by Eric von Lustbader. I don't like Robert Ludlum's style (who wrote the first three books of the series), but I do enjoy Lustbader (who wrote the last six). I know that fiction novelists exaggerate things in their books in order to give their characters personality traits that the audience cheers for or loves to hate. In the Bourne series, Jason Bourne is an unselfish hero with super human abilities. His counterparts in the government, by contrast, are power hungry villains who do their jobs but care more about advancing their own power and status than they do about serving the public. Bourne has to work outside the system and outwits his opponents in the end.
These are caricatures of our perceptions of real life politicians. They're not real; sure, maybe some are like that but the majority are not. But sometimes I wonder.
In the US administration, we see important people like incoming Secretary of Defense Leon Panetta say at his Senate confirmation hearing that "a strong likelihood that the next Pearl Harbor" could well be a cyberattack that cripples the U.S. power grid and financial and government systems. He also said that cybersecurity will be one of the main focuses of his tenure at the Pentagon.
But when you look at what is actually happening in cyber security, there is more position jockeying than there is real progress.
From a Wired article in March 2009:
Cyber-Security Czar Quits Amid Fears of NSA Takeover
Rod Beckström, the Department of Homeland Security's controversial cyber-security chief, has suddenly resigned amid allegations of power grabs and bureaucratic infighting.
Part of the Department of Homeland Security — for now, the government's lead agency for cyber protection — the Center was supposed to be the one place where the defense of civilian, military and intelligence networks could all be marshaled together.
At least, that was the idea. But the Center never had a chance to even start doing its job, Beckström complained in a resignation letter to DHS Secretary Janet Napolitano that has been obtained by Danger Room. The Center "did not receive appropriate support" from the Department of Homeland Security to help coordinate network defenses, he said.
"During the past year the NCSC received only five weeks of funding, due to various roadblocks engineered within the department and by the Office of Management and Budget." ..."Rod [was] trying to get over NSA's power grab," a cyber-security source with deep government ties tells Danger Room. But in the end, Beckström couldn't. "He jumped nanoseconds before being pushed."
That was back in 2009. But the next cyber security czar appointed by the White House resigned in August 2009. From the Wall Street Journal:
Security Cyber Czar Steps Down
The White House's acting cybersecurity czar announced her resignation Monday. Melissa Hathaway, who completed the Obama administration's cybersecurity review in April, said in an interview that she was leaving for personal reasons. "It's time to pass the torch," she said, adding that she and her colleagues have provided an "initial down payment for what's needed to start to address cybersecurity."
People familiar with the matter said Ms. Hathaway has been "spinning her wheels" in the White House, where the president's economic advisers sought to marginalize her politically.
National Economic Adviser Larry Summers argued forcefully that his team should have a say in the work of the new cyber official. The result was a cybersecurity official who would report both to the National Security Council and the National Economic Council. Supporters said that arrangement would cement cybersecurity as a critical security and economic issue; detractors said it would require the new official to please too many masters and would accomplish little.
There are a couple of ways to interpret this. One is that the country's cyber infrastructure is very important to the US's ability to do commerce and affects the economic well being of the country. Therefore, it makes sense to have the person responsible for cyber security to report to the director of economics. The other way to interpret this is that the Larry Summers was extending his reach and didn't like the prospect of not having another arm of government, a pseudo-military arm, not under his control. Hathaway could see that she would be road blocked at every turn and decided to leave rather than tread water and do nothing.
Fast forward to May of this year, and the Department of Homeland Security saw a resignation (I can't tell if the NSA is responsible for cyber security, if it's the DHS or even the Defense Department). From the National Journal:
Top Cybersecurity Official Resigns
Phil Reitinger, the Department of Homeland Security's top cyber and computer crimes official, is resigning just days after the administration launched its most ambitious cybersecurity initiative.
"I have decided that the time has come for me to move on from the Department," Reitinger wrote in an e-mail to DHS employees this afternoon. Reitinger, who, as deputy undersecretary in DHS's National Protection and Programs Directorate, was the department's senior interagency policymaker, said in an interview with National Journal that the timing of his announcement was not meant to signal any disapproval with the White House.
Reitinger said he wants to spend the summer with his family — he has young children and he's been working in cyber security "since they were born."
Some in Congress want to elevate the position Reitinger held to a Senate-confirmable deputy with broader powers, and to give DHS's cybersecurity programs their own directorate. Since DHS was given the responsibility to protect the homeland from cyber threats, as well as direct authority to protect dot.gov domains from intrusions, it has competed for resources and attention with the Department of Defense, which stood up an entire cyber command and has the mighty computers of the National Security Agency at its fingertips. In October, DHS signed a groundbreaking memorandum of agreement with the Department of Defense, a statement of principles acknowledging that while the different departments had different legal duties, "we want to be able to work together as one team." In practice, that means that DHS and DOD cyber scientists and engineers work at each other's facilities.
Reitinger was only appointed in March 2009, meaning he was on the job for two years. The article does say that "Reported friction between DHS and other government agencies has diminished under the watch of White House senior director for cyber policy Howard Schmidt," and that appears to be good news. However, did you notice the secret code words in that above snippet? Reitinger wants to spend more time with his family. Whenever a high profile government official says that, it's because (a) they've been caught in a scandal and want to leave their position gracefully, or (b) there are internal power struggles between high ranking officials and the one who is resigning lost the battle.
That's my cynical interpretation but it rings true more often than it doesn't. This article makes everything seem like it's all good behind the scenes. I'm not convinced.
Why am I not convinced? Because last week yet another official resigned! This time quoting an article published on The Daily Tech:
Head of U.S. Cyber Agency Resigns Abruptly, Gov. Won't Say Why
Randy Vickers, director of the U.S. Computer Emergency Readiness Team, resigned from his position suddenly last Friday
The United States government was the target of many cyber attacks this year, including those launched on the Pentagon, the CIA and even U.S. soldiers. These attacks resulted in the loss of 24,000 confidential military files, 90,000 logins of private and public sector employees (including those in the U.S. military) and the take-down of government websites.
Governments and corporations around the world have been targets in 2011's cyber attack spree, raising many questions concerning internet security. While this blaring spotlight has put stress on many people on the receiving end of these attacks, many are shocked by the sudden resignation of a U.S. agency head in charge of responding to cyber attacks.
Randy Vickers, director of the U.S. Computer Emergency Readiness Team, resigned from his position suddenly last Friday. A reason for his resignation has not yet been released.
Once again, this article is vague. The government was targeted this year and suffered data loss. Is Vickers taking the fall for this? When something really bad happens like this, the ones who take the fall are frequently the ones in charge (proving that not all sh*t runs downhill).
Again, there are multiple ways to speculate: maybe this is coincidental. Yet another head of the cyber agency resigned because he wants to do something else. Maybe he was caught in a scandal. Or maybe he grew frustrated at all of the bureaucratic road blocks and decided that he couldn't accomplish any real change and would be held accountable when something went wrong.
All I can do here is try to read between the lines (assuming that there is actually something to read). But on the one hand, there are people in the military saying that there is a huge cyber threat from rogue actors and other nations (according to the new SecDef Leon Panetta). On the other hand, according to Cyber-Security Coordinator of the Obama Administration Howard Schmidt, there is no cyber war but instead we need to focus on cyber crime. But on the other hand, we see a revolving door of departures from people who are supposed to be in charge of the nation's cyber security.
Maybe Lustbader's portrayals of life time bureaucrats isn't so far off the mark? Maybe in order to accomplish real change, you need to be a lifetime insider who knows the ins and outs of the system. And maybe outsiders aren't well suited for that type of thing, even if they are bright and capable people. My paranoia doesn't give me a lot of confidence that the most important people in government have the nation's best interests at heart.
On the other hand, maybe I'm just paranoid. Meh.
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Afilias - Mobile & Web Services
Minds + Machines