Monday, March 9, 2009

Rod Beckstrom DHS Top Cyber Official Sounds Off

The outgoing DHS Cyber chief, the enterpreneur Rod Beckstrom, argues that too much NSA power prevents cooperation with business.

(From Since the Bush administration launched its $30 billion cybersecurity overhaul in January 2008, no element of the so-called "Cyber Initiative" has received more criticism from privacy advocates and private industry than the role of the National Security Agency in the project.

Now, add one more critic of that secretive agency's growing cybersecurity power: the Department of Homeland Security's top cybersecurity official, Rod Beckstrom.

Beckstrom announced Friday that he is stepping down from his post as the head of the National Cyber Security Center. In his resignation letter, Beckstrom said that the "NSA currently dominates most national cybersecurity efforts" and that "the threats to our democratic processes are significant if all top level network security and monitoring is handled by any one organization."

In an interview with Forbes on Monday, Beckstrom expanded on his letter, adding that the NSA's central role in the Cyber Initiative prevented the private sector from participating in information sharing projects--a collaborative side of the initiative aimed at protecting the nation's critical infrastructure, such as power plants, banks and telecommunications networks, from cyberspies and hackers.

"In intelligence environments like the NSA, you seek out and gather information, and then you classify it," Beckstrom says. "It's the opposite of collaboration."

Beckstrom added that while the NSA gains power under the Cyber Initiative, his branch of the DHS has been chronically under-funded by the DHS and the White House's Office of Management and Budget. The National Cyber Security Center received less than $500,000 over the last year, the equivalent of five weeks of operation, according to Beckstrom.

That imbalance between his group and the NSA makes private sector cooperation more difficult, he argues. "Clearly there are companies that are comfortable working in classified environments, and there are those that aren't," he says. "That would be one reason to support a credible, civilian, independent component like the NCSC. Otherwise, we'd lose those relationships we gained by bringing [these companies] into the fold."

In contrast to the NSA power grab he describes, Beckstrom had long advocated a decentralized approach to security. His influential book, The Starfish and the Spider, described how organizations gain strength and resiliency as they distribute leadership beyond a single "head." Because of its decentralized nervous system, a starfish is more resilient than a spider, he argued.

No comments: