Oct 7, 2009
. Instead of the customary Washington prose of, “I want to spend more time with my family,” Beckstrom took direct aim about the lack of funding his organization was getting. The real target of his farewell letter was the National Security Agency and the role it plays in cybersecurity. In his words:
NSA effectively controls DHS cyber efforts through detailees, technology insertions, and the proposed move of NPPD and the NCSC to a Fort Meade NSA facility. NSA currently dominates most national cyber efforts. While acknowledging the critical importance of NSA to our intelligence efforts, I believe this is a bad strategy on multiple grounds. The intelligence culture is very different than a network operations or security culture. In addition, the threats to our democratic processes are significant if all top level government nertwork security and monitoring are handled by anyone organization (either directly or indirectly). During my terms as Director we have been unwilling to subjugate the NCSC underneath the NSA. Instead, we advocated a model where there is a credible civilian government cybersecurity capability which interfaces with, but is not controlled by, the NSA.
In recently reviewing those words, I came across an article by Shane Harris of the National Journal, entitled “The Real Cyber Czar.”
It would seem, as undiplomatic as Beckstrom’s resignation may have been by typical Washington standards, his ability to “call ‘em like you see them” was accurate.
Based upon Harris’ article it would seem that the NSA is in the driver’s seat on many of these issues whether we like it or not. Given the on-going threats and demands that we currently have with cyber-attacks from nation-states, criminal enterprises and others, I don’t think we have much choice either. Until DHS can build a full-strength team to take on these duties, the Administration has to go the bench for players who can perform and in this case, it’s the NSA.
This piece was originally posted on Security Debrief.