DHS and the $200 million cyber security mystery
Rod Beckstrom
The National Cyber Security Center was created in February as part of the, Comprehensive National Cybersecurity Initiative (CNCI), a multi-agency, multi-year plan engendered by HSPD-23 that lays out 12 steps toward securing the federal government’s cyber networks.
There’s money in it, if nothing else: The Bush Administration trebled its NCSC budget request to Congress, to $200 million. While this is only a drop in the bucket compared to the $30 billion price tag Administration sources have placed on the government’s entire cyber security effort, NCSC is expected to set the agenda for overall expenditure.
The monies reflect concerns that cyber terrorists or unfriendly countries could wreak havoc with America’s computer-dependent economy. Those concerns were heightened last year in the wake of an alleged Russian attempt to disrupt the communications and computer-dependent infrastructure in Estonia. Further impetus to tighten U.S. cyber security was sparked by reports that China was developing new cyber warfare technologies.
When the Bush Administration announced that it was launching a cyber security effort, DHS Secretary Chertoff likened it to the Manhattan Project which produced the atomic bombs used to end World War II.
Like that project, CNCI has been cloaked in secrecy.
Initially, the Department of Homeland Security withheld all information about NCSC. When DHS officials were called to testify or make budget requests, representatives and senators were only informed behind closed doors; DHS officials claimed the entire program was classified.
However, when Chertoff announced that Rod Beckstrom, a high tech entrepreneur and management guru from California’s Silicon Valley, was to head the DHS cyber security effort, he relented and released some information about the NCSC’s functions.
Chertoff’s motives were complex. But insiders say the release of information may have been dictated primarily by inter-agency competition. In the cyber security sector, DHS is not alone: The U.S. Air Force, the FBI, and the National Security Agency have all mounted programs to lay claim as the lead agency for cyber security. Patriotism aside, each of them seeks to reap the prestige and the power that flows from the ability to spend $30 billion.
There was consternation on the Hill. What was secret, and what wasn’t?
The seemingly selective lack of openness at DHS left Congress angry, not knowing what NCSC was actually doing, much less whether such actions were constitutional.
Last week, the usually phlegmatic Senators Joe Lieberman (I-CT) and Susan Collins (R-ME), chair and ranking Republican of the Senate’s Homeland Security and Governmental Affairs Committee, let Chertoff know they were fed up.
In a letter obtained by GSN, the senators hinted that the NCSC will have to tell more to get more funding.
"We . . . have concerns about how information has been shared with Congress and other stakeholders concerning this initiative and the potential impact this lack of collaboration may have on the success of the initiative," the senators wrote.
"DHS has requested substantial new resources for cyber security, and it is critical that the funds are spent carefully and appropriately," they added.
DHS has requested an additional $83 million dollars for its National Cyber Security Division (NCSD) for fiscal year 2009. Including the $115 million that was awarded for the initiative in the FY 2008 omnibus appropriations bill, this would represent nearly a $200 million dollar increase, tripling the amount of money spent by DHS on cyber security since 2007.
Although this represents less than one percent of the total the Bush Administration wants to invest in cyber security, it includes funding for NCSC, which would set the tone and define the areas in which the federal government would invest in cyber security efforts.
Therefore, the senators were understandably concerned about the amount of information being provided, and the exact legal status of the NCSC itself.
In their letter to Chertoff, Lieberman and Collins raised no less than 17 questions about NCSC and its activities.
Some were basic: "What is the role of the National Cyber Security Center?" "Why was the determination made to create the National Cyber Security Center?"
Others indicated concerns that the NCSC structure may have very weak constitutional legs: "Under what authority was Mr. Beckstrom appointed and is he serving?," the senators asked. "What obligations and/or rights do Mr. Beckstrom and the federal government have under this arrangement?"
The senators then asked a series of questions about hiring and contracting activities, culminating in a demand to know what oversight provisions are being put in place.
Finally, the senators asked about the impact NCSC would have on cyber privacy. They were particularly concerned that, as constituted, NCSC could abuse the DHS Einstein Program -- a voluntary program for use by federal agencies to monitor participating agencies’ network gateways for traffic patterns that indicate the presence of computer worms or other unwanted traffic.
The senators pointed out that a new version of Einstein, expected later this year, instead of only looking at information traffic to and from government networks, could be used to look at the content of this traffic as well. From there, critics fear, it would be only a small step to reconstitute controversial domestic spying programs, avoiding the constitutional need to secure the collaboration of private carriers and networks.
Regardless of the answers Chertoff may provide to Lieberman and Collins, the inconsistencies in DHS secrecy have weakened the cyber security effort, dismaying advocates of a vigorous cyber defense.
- Add your comment
- trackback url: http://www.gsnmagazine.com/cms/trackback/749-2
