|
|
|
What Kind of Cyber-security Czar Do We Want?
By: Larry Seltzer
2009-03-10
Article Rating:  / 5
There are 7 user comments on this Network Security & Hardware story.
What kind of national cyber-security officer could really make a difference? Do we really want to have an Internet under that kind of thumb?During his campaign, President Obama promised
that he would "make cyber-security the top priority that it should be
in the 21st century. I'll declare our cyber-infrastructure a strategic
asset, and appoint a national cyber-adviser, who will report directly
to me."
About a month ago Obama appointed Melissa Hathaway, who served as
the cyber-security coordinator executive under Mike McConnell, former
President Bush's Director of National Intelligence, to be a senior
director at the National Security Council. She is currently performing a 60-day review of security of federal systems.
She is also a leading candidate to be the "national cyber-adviser" to
which Obama referred in the campaign, assuming he goes through with
such an appointment. Currently she is several steps away from reporting
directly to the president.
Many years after creating a Director of National Intelligence
(the new one is Dennis C. Blair), specifically in order to coordinate
all the various sources of intelligence and make sense of them, it
seems we're not very good at that, according to a report examined by the Wall Street Journal.
"Cultural, organizational and technical obstacles have slowed efforts
to move information across agency boundaries," according to the
article. Expect cyber-security to be a similar problem, and remember
that it is one of those components that needs to be coordinated by the
DNI.
I actually assume that the DNI really did try to do a better job,
and it seems the report says they did accomplish some things, just that
they have a long way to go. But it's a really hard job, and
coordinating cyber-security for the nation is really hard, too. It
could be that it's a job doomed to failure; could we actually make
things worse?
Absolutely we could. It's worth asking at the outset what we're
talking about defending; is it just federal government systems, in
which case the czar is really just the federal CSO? This is not only
unobjectionable, it's a pretty good idea. I'm sure most large federal
agencies have a CSO or someone with such responsibilities (correct me
below if I'm wrong) but it's fair to have a coordinator directing a
common security policy above them, one who can also help them to get
their jobs done by providing political weight. This position really
needs to report directly to the president? That I don't understand.
Already we've seen that political decisions are central to how this effort will be made. Just the other day the
most recent person in charge of federal cyber-security, Rod Beckstrom,
head of the U.S. National Cyber Security Center, resigned,
complaining that all the authority was being taken from the Department
of Homeland Security and put in the National Security Agency. That and
the fact that his group was only sparsely funded. Even if this is just
a job about federal systems, should it be run out of the NSA?
And if we're talking about someone who's in charge of security for
the whole of U.S. Internet infrastructure, the idea is pretentious and
dangerous. Today an appointed czar would have no real authority over
badly administered Web servers, ISPs that have insufficient controls,
networks with no DNSSec or IPv6 support. And there is no U.S. border to
defend on the Internet; many significant U.S. Internet assets are tied
closely with assets owned by the same organizations abroad.
If the government is supposed to have real authority in this regard
it would take new and highly intrusive legislation to do so, and none
of us would take it sitting down. If they won't have the authority,
then nothing has really changed, which is maybe the best way to go
about things.
What would you do if you really wanted to shape up the nation's
networks? You'd need someone in charge with real authority, like a real
CTO or network admin at a real enterprise. Imagine it: someone with the
authority to quarantine infected systems; the authority to disconnect
networks that are poorly, perhaps even maliciously, managed; the
authority to ban old and insecure products and, conversely the
authority to mandate new and secure ones, like DNSSec and IPv6; the
authority to tell people "no, you can't do that with your own computer."
There is no way we would ever put up with authority like that on the
Internet. There's no way service providers would put up with it either.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack.
| | Reader Comments: What Kind of Cyber-security Czar Do We Want? | | >>> Post your comment now!
| | A user comment on this articleNo problem. They just need to build the new internet2 fast; implement full realtime firewalls with IDS/IPS, DNSSec, IPv6, managed key authorities,... Posted At: 06-04-09
By: Revo | | | | | | Rod BeckstromRod Beckstrom resigned from the Obama administration, and he complained that *it* was moving all the authority into the NSA.
I don't disagree... Posted At: 03-19-09
By: Larry Seltzer | | | | | | Slightly Premature PostulatingWhile it is not a bad idea to consider the issues of Cyber Security in the context of the political process, it is not constructive to go wildly off... Posted At: 03-19-09
By: Will Ozier | | | | | | An I.T. Pro -- NOT a politician!!!If you don't know what RACF is, you are not at all capable of understanding what is required here. I have over 40 years in I.T. coding and upper... Posted At: 03-12-09
By: ApolloVet | | | | | | No Cyber security without physical securityGee, Mike in NJ, from your right to set up a deliberately insecure "honey pot" network to your right to own any firepower you see fit - quite a... Posted At: 03-12-09
By: Dan in AZ | | | | | | A user comment on this articleThe less that the government interacts with my life, the better. They should keep their hands out of my business altogether. If I want to setup a... Posted At: 03-12-09
By: Anonymous | | | | | | cyber-czarHi, I'm Larry Seltzer. How much authority do you want the federal government to have over the Internet? Posted At: 03-11-09
By: Larry Seltzer | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������x}ks۸q�f89��zۑR%':,�KOJK1Eꐔm
/=(ɏ$s7M�@�ht7�F��?��o~$riI1�%S{t;{Dj��?�|o�Q�o�2p\Ռ!CjYL��}�F[خf��
��Gx6b)?;mnvl�k�.�pѴ
Q�m/
x�Wü#h5#@I.b(�Q;c(D=�ϱL�-:
�ۗD�9�z�v08bq j9fOM�n��O%�0֝9 ]ӧ^�Т'Q!_Cbp`ùz�S�*�z>2=�{'�4vlr�_iׁ>�6ܵ^M|D-� NH5]^)酵~oZ*JNS�- Oqja�5=�3�-i�*�$VאL-^m^uyXv&�Z*i�C�A�@t?#;sHqtqӺltnsM�Of�I3w �a
O'ɗV:�;'^<�$>L-rG]����j����\.T$5�FI&>xz:#�Iorg5ȿ��۞Bdy!8粎;{�RxXɬ��V5�g���o SE@�,�tjg�tkU+
e:�`M��7}��S�Is9�j�\K=0�Aa)#p?�݅I
�pJq�䠊c,XUl� �\�4%$3X��U���8r�ݡQSnSA�E7CD� r4#*�|!XsI
�((�{�?F�N�IRe6\n=ٹ.hzYZU'JdaiE֕iaO
.}ױǵf ݫeOf[ׄ)g��F0�,I�!e$��8W9UGTDvk�̗OPPoA���Ge'�-djˠq�ayƄAG7{x;}��!NR�}:;Sjiuvkh|>(6FʋMQs7}}81 @�
T�N`R� �V83uf�ugA
�>�0��}sJY5U@E�$�
�t"�vMG�68D�&7�j�7O�j�;`b<"#>Hl^���o�ٜI8:S�A�0:A̾P��,x�Z`�>s|}��I0�ŧ/5+=;dp7 �P(�n^ßf�1�����_NwW.Y� �3DXVHdFn!f!
=f lPȬ�T s^AYg䖅⑦_1aYX�wXOڠ�wMR?q�6Nq�:SXhh�OW͡v��vM"kBVnl^u {9�BH{2Ku��rG*$��@HVL��,ۚ7èkA
+�_i���ݤ�ksnͰ,C�u6б\�i@^%øWR�W&>4>jLjx\'N;_&TYWݛ@�hz#[rAS҉U|>X=l@�� �ʸ�nHI2Ij>8u>uϜ��UKױ@)"ݙ[Gfln8
:��x?wpBm�g6q�
cOЬ,��p��ZV5S=C�ab悈�f �ǂ %K�bЁU|aXebeQ=o);e]]HQ:ϯM��V P�8pD30ڠLzi-6!&��1��W]�ɰXPr�~���l"�zd\s˰0X.@rFe9A�u\/HR �H۴>���Mv���u׳PR@��B^Nu���5GANvQeTs{!䚛��!Pcf�:u�V*w3$!UwwNQ1O��M�v��كEp"==;3$t`n�̂/S"X
8h��� Bs
�LREXB���v1��v1UEP=)o�M�e締uy0Ě|�VT#RB�.Z_=n2dBT�^U�f{�V�?aA�@=&��{#K�˰"Uzg�k#}Ӡ-�`@";ԴG2*d5�6�
�P�ףN箇v+sF�$�X�Cꏘ3j
{�.�2*J9+kjTyFP֫W-"�fdbD�Gs=8bC�5�\#��go t :Rn{ޜ�9"zfnހWIl��Ԋ)L6;[JϮVU07> Y�L\l�[t3pM8�o~��Qly2U5�E�3.�о�
M(}R"7Cj�%�r1f@X/{�~|UM+ĺe0"3Q1�ʅ硟5#�;
k9*)<�+2��
��`�9z{v>�2e�e�-&s#tdK�(3sM��l\7�bm?\ �6�!�ɵFf/"�IC{F˃,oEUP˗r%�y�V;i4+�#4�+Z��۹i�n.?�9[E �1ķ�ҨXI+Gs�;ʌg�b<�p}6'F{�zt�ȣ��jC}f q�
iv,[�Xh;K!ڸi��H@mXJ7᭬j`.ʒ+$$< ��(yM˃t׀mKR1swGm���3��"�pD.eޓy9�O.+,/�J)W)p�Og(��,�$$�l,rޏ۷mpH74a�!48{Reo�k
hr~c$ $"Z��Z�%aG�-+�|MopqL�_�>���B�r$6@ AE@"��j}ϱܯ�p�ف���g!��~�͕Ds��?ܴ�$}eO:[����?��t[V00ֻ0D@?|/�f��T.i�
JF_ǤpB`UueCjb0K=�LAI
�4�p>!.Fm�6�o{1ګzѺ|']2y/`�AANi�8֥xIsѹNE)[�uD�s=BN�n2Hֻc��O!z.FS�Ltk7d81/gjeXc?p6|ΰ�;m�H!o/F��T/Us:TzB[j59πa6(�'�Q?
?����֭
Bb.�3�1OT� (ʉ�-`=����`
ɈF{uQ�N�α�zO��A@fp�kZ!NU�W2��EH��q�A%5g:'
<�:9ghD~m�l/|��~�<�B<�/Mq<"�
}l{p3ъq�F�\��~<)}B�M9˙~B�tnR�7^��?$E��ɪ:@7db��CJ T5��K6zӎ'>s�ex!u,8hq�%ќ|g8�BٹGK�-}[�[��OdI�2%ə$�
=�)!�JچI8'28J542
eI?
U�4㓈PVl
IWɂtꗻ#�dž5>Թ8�T/i]7�")=��0Gu�\% � �q�k/@��1Rޱç{4!ŤYGJ^K`VKMVN,@�-N`0t�O�#�!WZ�hQJ$6�눴a�_mzόEQU2�C/�wy>�~�zo�h) o.�1/�S[ı�p7߆
؉�/K.�xYr kNQD�K%71~�LݖA�ΐveYd�9�}>�T7mb4:#^/?ރ�&M_ 1G{�.ʌ(=~"[3ǺY}6 9kcJgm5�_תrK0�C}F_�-wv?�O�J�{c;Ҿ2CSq��:�+`*98�XH�!HeN
d["2gNIJ <��}L�z�d�,F��Jf�XK�ni^�h u4l��>+gk�1rzpO E�^q�.E~(dR��.oCZ�tGq�WG��Ʋ�x/J)F)�/e�U@O�K4�{[[|�Q{tH���{��iXxlQQ#6^3�~�_O}
�ri�*z}X3?�zԯk�`za{ƙ#3���J�vkNpw�N
On�!�"%�JJL��a�솃�@|Րٱ�hSZ0q��aj}Z'qb��uD{ʷχGɎ6YP|9�ߍ9S{G�8�j�RSWeom�YR| � \���j{\n�n�.'��y3pe\
�C��fKa~'/���NM�Viyg
e]��gK�UQ�JE>��úekt%�T7�ڙRXhbŀEw]5ё�7�fc:0&RI}J]s�֞�=}�^0$�}8��|=�F+��`^[*(ԝwt!5\�C�bZA)�a��Q찶Wg�+rTԢRQ��=~fb�ң1kqoy_"W�HhZ&Vce.�Rxf/ONJmCQ⑳n�чYe
h+(%L[ؔ�j��/,a1e,<)I�{<[T� `���m4v,~h�ʚ��cxW7/ld�O�bv�l�̒���7 �{kxL1h�Y2�!9��2I�LOh�jY�0g}�(�(G:
�1p0xAPHnB�j� A�>zj
�V6�e�ct
:m�S���+]0�(Ō�C}zca0Q?7yI8T�/k�qJHKVeCB'S�E>W]JB�,ɯؑ�sB9�Kg!�CB|]�Fx�e"GfGg:љ�ᙒO,�4t6;B��Ggyy���aԓu~�"q�0WX�pi(�-)kj_~tujO(�zJ:~�/�F\Iu߇��|,(t�.{OJZ�`��p�a?!����n]o/rHJIRʻKɥk|&u�T�YxF�ź뉌R^QZ�pH�A:��!(��ַE4{c |wpmOA*Oeͽ�r�,',-��` #�LƤ
J\*�:aI�==H�})7(z$VjO)'iDd+<;i^�g�|�"}`f{�N>~8R�
LR�#��Rh2��P B%�*�A�-0�-> /�J�cJ+�+Jt�pV4m쐻冫x*}_{�+ �/ݙl:��� ��L,ڏn64*�EG^�_�O���$ugR,=k֕`}!�v�Ĵ
^s��5�|:IH&Rʕ�)Ȯ@pc%�pL"�$a � ?&j{�,�Y�J�|�X�� N�[[[[E8_T˹[#y4�R{#}WԽ=T�rR|�˗1蚄7&e50F�P�;��:Bݚ�XTD݅i1(��
m"f���bFP !f�P�R|><-QݣQS{"�)l"ZhW=Z�ե"́jq)r��h�i/��y4\V�.
Hm� ܡ��v
Cɧs+!���
cI²�Fq}�;M);ֳ7, :s~Iަ{�ҥ.��
j)o�Kq�_ߘҹI"HC"�7
σ��{!O�R{Ф3g
�tu֒�.1J9�� u"�DP{g4,;g�٬x�vR �0UE��4CT��vkBӞn�ZI%It�$�̣H9
or�QKXԞV~%)~�~�~�~�~J^5[G��Sq}8*t�-ͨ]4(
&� P`#%y_ps7{gkU۔d13N'��ۇU�sbkL�tu�֚x�`+�;��C�,�������:5ڞ�^bP�\\:=>(�T%ĉKV+�#{�tncjR뚊ˁC'<<@=I�*���<�@t�O@
�$�mI�|v�5?a}77L�3
uO�Ƥeю9mr~G8��|[�tv5řx�{Dh�2O�.`P��j;f�X�G!Ia4jTg3�@E\ZK/=˺t
J,BAW+GʑV>R�,�JE���jNIξCn/��?3k>5�QIH��:[|{*��^�ϱ_��dIi'y}Bd}g,F6�H&`a�3�/0Q[w�n}W�QL#G��BO�wgt? J$�&�>ybq51J��K7��G@M>rr|�x5 *nF@ ~6�o?~<���|�Zsʑu�-G}ma4R,n��D5,�X�m=��>+C�}g��_\ߣ�ˢǏ�?DNxY�QK�]��P�cW�F�=�%p�D?� ,Q+(YEu�D~"?�:*ɩ-ě��FX)�eB֊��Z�"�'"�K�H�
]V<^�?���X2q����
)_7`;TV���\sb4�19��P6Ƙsjp�VR*zvr[jZJ,jw!�do={2gLpkDxl8�tlNz
tFu�s
on�*�R!V��ϟ%[j�s>�n�LT�S#Vr="z0Ӫ�r="vԶz0��a%|�W\A[bswPehuВdttQa�a ~a,niX�8c;?�22CV&D�Ӱ0-�|2I;�NRuu���scAA"�̮^f\�?'ZN)bd�!=Ɣo%{ؑղr^�ܥC_VT9:eWv��q@5rO�?=hid�Z{tCq_Q-=/�|\Lւ
gT.,�9S�&F<<~Q,텂B.BWo7;G>-�@G��0cˡ��E}iɾǞ3۴ҵDŽ�|� @ؕx���{n/��~ۉK�6G&�<(.iЩ��HuWkB!9�?/�\mD��:vcȞ˻uNDEo?�VM��lۂb4JK(ALM`��^uԏ�m0C"h@$���ks_�Cϊg㝨=)ָS1B�O@u171�v�RrN ;9_1h>` 1>F��P#�S�Cw��46I$Ad�5T?�O�g}�Br��>m~G�Ɩ]}*�3�;M��fQ�jEt�MpC5+�
ާ�7A�6pw�⧰;�:�LX�Q4eޱayT�1"[)'0�斩UGS-��0.�k��MQ(px�~2&f#��L��6@אIok�hx�n#�b�P�05g3bvZͼs2GSu�9%�o݀%P`�W|83nj\J,�|$+DjW��V�Mα"�@�;� '
��
s�
Q@ؔ�47+I,[�jmnR�6s<``yP&0л;�Lo�ѧ�z?]_fU:�`�惩cH�\d�_���9p:�H�g��@w#:ǜlQ�ۺ9�Pq.1$Lj�G 1 t!��/H�FzNsJnt�a]?COFx�à�!���3&+z+e�/J]Vk_9C�KXU�;|&ݾGbi,_�.4&W�)Sh����T3!#vFC��=GK6)�l'eJ/?A>%�6Sa|/S�2.a.SƯ�老�": _:)
*>UJk�B)B)�R/H@_�S�JK}J'ߧ�@MZ:M
@7)�ݤ_|y�)|V
)�iJz!S;MB�EZ�SZ:,.S+"ϊ
�k�z-2*�\ϔ���~/�>G{#sg'�Y�_W�KM0TtӖKT7cTo)i:Hv�B__0�qL�w%,ߔYnƊ6SL�qϜ%OWw1/c$br�D$�4��[bH�ѭ]\�ZJ[ù�wى?> {� �gDs9�[MA7�.[}Ӡ_[�=y}Y_5G{>ؓ/�GSY,��B8��C�`��I1zI�f����6Zy�~38]op֘�؉��Ǝ3�
P7CD�*�״ZjT(�3'?�'d?"3�
�Q5YUdL.�{jERȗ�&�� �K|#
P .=]^%d F
-ˡǎ�!,�pC�F݊-�@h P�>��]:6�_ۨ*�(4f)2^0��-xy�N؛�ڎx �@��7s�J�,���� �sAЫ@3ș{}[vp3iR��� +�D�@:䣷�dȝ>piǽaFrV�Q7@<@#��dϽC�!M3
yY�~p�lt=I*_l�x Sx!I/�kP����`8N�]D?SN`��>x((�"
2HH�2s�{D�|%m{r;S�2!-]�p<�ƄQ]�pWL�1}+ȑP�5�uZWdzԢcFi]/u/^w+r�]ݰ�P(Q"3�q} !1��S$��H�+K)n_%|/DOn���ӦuUDjβّ�4��_aR��V�r.�=n�`�iT����/ă_| в��.q�,sD�Mvς攺LT z̴$៵:�Xl;�^z#֒{ζ� ;C�?BزpFJ˒4\ڈ��T~7(V��Xw|6(6؋|!K'
ϽI^�Sh6�Vo�~Ou˟Hg�"@2xܴkNgڦ1ebZ!q��Z`�ӧޣ5Z@��K2OC24�؆�خ;��qVG�t#���iM�-2nׁݝV���OX|
8�O.�h|�m�ρ Xu�(߄ђ�P��.�?hFqoI W�):P+[����`쎈]�y@�eZ:H\�*,yf
4����vsf6=;n\�r*C�o6G�00cxΌ~��;�KY'}d&-,�$(zIW���&7�&�y#cC�v_Ȉvph{?��A� wVǰ�,XD!Ƨ;�O�Ч�U|�-\a�};}r,s0'¿r�,�e�'jR0�jUyXm4P�ozc|�[w0� _jPw\r%�t'ha1�+�>+:b5��sq7M'�C�a+gPOYhc�1G�f�Yܻ&���W[OP��Q�Y6:|�� ,�݀bZ��"�ND+fr��u3k
)�60M����݄2ѵ"4pkq5~e��יH8��pK�jyr\p�0�S2w�$Yw��f@��O{p|>"��F X��+n:�'�nEsb`.˞t^o.>�sJnG�gg'Qnf�vQ,�+
SeɜK�RUk85WYf
gSߥT%F�ھ �wm&l�2)v}m-c6�]-k��\
0(��
|
Network Security & Hardware 
