More on CybersecurityMay 5, 2009 - by Donny Shaw
There’s been more talk than usual in Congress recently about the issue of cyber security. I think we’re all convinced that it’s a serious issue and that there needs to be some kind of unified effort to address it. But it’s been difficult for any of us outside the realms of information security and technology to know what to do — or even to begin talking and thinking about what to do.
Most people seem to agree that the bill introduced into Congress, the Cybersecurity Act of 2009, does not take the right approach. It seems to threaten privacy and to call for system-wide standards in a way that would make the hacking game even easier for those with malicious intent.
Marc Ambinder has a piece on the issue today stemming from an email discussion with Rob Beckstrom, a former chief U.S. cyber security official who resigned recently because he felt the National Security Agency was trying to take over his operation and that their attitude towards the issue was counterproductive. It’s helpful, I think, for starting to find ways to think and talk about this.
“’Who’s in charge’ has been a topic of political debate in DC since Dick Clarke first raised the cybersecurity issue in the late 1990’s,” he said via e-mail. “No matter how and where the boxes are drawn, let’s get to work on re-architecting and evolving the Internet for the benefit of all.”
Though Beckstrom didn’t quite say this, I think he is worried that if the NSA – by mission a parochial, defensive intelligence organization – comes to dominate the thinking on cyber security, it will fail to cooperate meaningfully with international institutions.
“International collaboration is the key to developing, standardizing and implementing these critical new upgrades. America cannot do it alone. No amount of re-organizing the boxes in Washington is going to solve the cybersecurity problem. We need to make the internet itself more secure, and we need to invest in program areas that work.”
And Beckstrom wants these upgrades to be largely open source, available to the public community of programmers and thinkers. It’s safe to say that any cyber security program defined as a counter-intelligence / counter-terrorism / counter-espionage effort would be wrapped up in all sorts of classified ropes.
How does cyber security intersect with politics? The money spent on lobbying, for one thing. But publicly, it hasn’t really, yet, outside of the trade journals and some blogs. It’s important for people who care about the future of the Internet to brief themselves about the scope of these issues and the debates now; the Obama administration might act quickly, and its decisions – and where it and Congress decide to put the money – will resonate in ways we haven’t conceived of.