Tuesday, March 3, 2009

Rely on The Register with caution

The Register story I just linked to is a tad overheated. The hardest whack at DHS is taken by Rep. Langevin, who asked this question in a hearing last week:


As I mentioned to you yesterday, I’ve spent the last two years both chairing a
homeland security subcommittee on emerging threats in cyber-security and
then, was one of the four co-chairs of this year’s SAIS report on
cyber-security for the 44th presidency, and I’m pleased with the
finding of that report and hoping that the administration is going to adopt many of
the recommendations that are contained in the report. I know that right now,
the administration is doing a 60-day review of its cyber-security strategy,
and I applaud the appointment of Melissa Hathaway and the director in the NSC
for cyberspace.


It’s my hope that that position will actually be elevated and will be a special assistant to the president. But can you give us at least a preliminary overview of how you believe the cybersecurity strategy will be structured, and in particular, where will it be housed? The previous administration put a lot of the focus and responsibility for
securing us in cyberspace in the Department of Homeland Security. While I
have great respect for the men and women that work in the department, it is
clearly a department that is struggling to stand itself up and, in my
opinion, was not the proper place to house the major responsibility for
cyber-security.


I personally think it needs to be coordinated out of the White House with both policy and budgetary authority across a range of responsibilities in government. But can you share with us, at least on a preliminary basis, our vision for how our cyber-security strategy will be conducted – what it will look like – and also talk to us about what you see as where the greatest threats would come from?


Dennis Blair answered this way. The Register is hyping the story a bit, but it's true that you can almost hear the bump as DHS goes under the bus.

DIRECTOR BLAIR: Thank you very much. I think there’s one key aspect of this
future cyber strategy which this committee and your counterpart in the other
body can really help us with, and that is the role of the National Security
Agency outside of the intelligence, its intelligence functions. I agree with
you; the Department of Homeland Security is finding its footing in this
area. The National Security Agency has the greatest repository of cyber talent. With
due respect to Congressman Hastings’ 24-year-old new hire, there are some
wizards out there at Fort Meade who can do stuff.


I think that capability should be harnessed and built on as we’re trying to protect more than just our intelligence networks or our military networks as we expand to our federal networks and to our critical infrastructure networks. And the reason
is that because of the offensive mission that they have, they’re the ones who
know best about what’s coming back at us and it’s defenses against those
sorts of things that we need to be able to build into wider and wider circles.
I think there is a great deal of distrust of the National Security Agency and the intelligence community in general playing a role outside of the very narrowly circumscribed role because of some of the history of the FISA issue in years past, a general distrust of having – I mean, the NSA is both intelligence and military: You know, two strikes out in terms of the way some Americans think about a body that ought to be protecting their privacy and civil liberties.


I think you all know that the fact of the matter is that the NSA – in fact, the entire intelligence community operates under very strict rules. Sometimes people don’t follow them, but we find them and we hold them to account. So I would like the help of people like you who have studied this closely and served on commissions, the leadership of the committee and finding a way that the American people will have confidence in the supervision, in the oversight of the role of NSA so that it can help
protect these wider bodies.

No comments: