Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Government To Get Cybersecurity Chief

Posted by timothy on from the save-us-uncle-cyber dept.

cmason32 writes "The Bush administration is going to create a new Cybersecurity Chief position in the Homeland Security Department. The move is supposed to demonstrate the government's dedication to cracking down on hackers and 'cyberterror.' One of the responsibities of the position is to 'secure cyberspace.' However, critics are already noting the position is not likely to be effective."

7 of 121 comments (clear)

  1. Text in case of slashdotting: by Anonymous Coward · · Score: 2, Informative



    U.S. government to get cybersecurity chief
    By Ted Bridis

    May 25, 2003 | WASHINGTON (AP) --

    The Bush administration plans to appoint a new cybersecurity chief for the government inside the Homeland Security Department, replacing a position once held by a special adviser to the president. Industry leaders worry the new post won't be powerful enough.

    The move reflects an effort to appease frustrated technology executives over what they consider a lack of White House attention to hackers, cyberterror and other Internet threats. Officials have outlined their intentions privately in recent weeks to lawmakers, technology executives and lobbyists.

    The new position, expected to be announced formally within two weeks, is drawing early criticism over its placement deep inside the agency's organizational chart. The nation's new cyberchief will be at least three steps beneath Homeland Security Secretary Tom Ridge.

    In Washington, where a bureaucrat's authority and budget depend largely on proximity to power, some experts fear that could be a serious handicap.

    "It won't work. It's not a senior enough position," said Richard Clarke, Bush's top cyberspace adviser until he retired this year after nearly three decades with the government. Clarke's deputy, Howard Schmidt, resigned last month and accepted a job as chief information security officer for eBay Inc.

    "While it's not optimal having someone technically that low in the pecking order, it's much better than the current situation," said Harris Miller, head of the Information Technology Association of America, a leading industry trade group. He said success at that level of Washington's bureaucracy is "not mission impossible, it's just a difficult mission."

    The plan is consistent with Ridge's unease over elevating cyberconcerns above the security of airports, buildings, bridges and pipelines. The agency currently lumps both those issues under its Information Analysis and Infrastructure Protection unit, one of four directorates in Homeland Security.

    "It's pretty difficult for many businesses and many economic assets in this country to segregate the cyber side from the physical side because how that company operates, how that community operates, is interdependent," Ridge told lawmakers at a hearing this week.

    The new cyberchief also will be responsible for carrying out the dozens of recommendations in the administration's "National Strategy to Secure Cyberspace," a set of proposals put together under Clarke just before his departure.

    That plan, completed in February, is drawing criticism because it emphasizes voluntary measures to improve computer security for home users, corporations, universities and government agencies.

    "I don't think we have a plan," said Rep. Zoe Lofgren of California, the senior Democrat on the Homeland Security subcommittee on cybersecurity. "If we just take a look at that strategy, we're not going to end up with the solutions we need. There's a sense among the committee that there needs to be a little more meat."

    The government privately acknowledges many of those criticisms. In a previously undisclosed internal memorandum to Commerce Secretary Don Evans, the head of the agency's Bureau of Industry and Security described complaints from technology executives after meeting with them in September in California.

    The executives felt the government's plan was "not sufficiently strong because many of the key recommendations had been `watered down' and were not `mandatory,"' Undersecretary Kenneth Juster wrote. His organization at the time included the U.S. Critical Infrastructure Assurance Office, which has moved to Homeland Security. The Associated Press obtained a copy of Juster's memo under the Freedom of Information Act.

    Officials are still looking for candidates for the new position, which will be announced within the next two weeks. Clarke, now a private consultant, cautioned that the administration will have a difficult time convincing a prestigious cybersecurity expert to take the job. Some others predicted that won't be a problem.

    "Most folks if asked to do this would jump at the opportunity," said Sunil Misra, chief security adviser at Unisys Corp.

  2. Re:If I'm not mistaken... by armaghetto · · Score: 2, Informative

    Sorry, it appears I was mistaken.

    The doubleclick guy was supposed to be the Homeland Security Privacy Czar.

    In a related matter, it appears that I'm not so lazy after all.

  3. not enough power? by phalse+phace · · Score: 3, Informative
    Industry leaders worry the new post won't be powerful enough.

    Exactly how much more power do they really need, especially when they've got things like the Patriot Act and the proposed Son of Patriot Act?

    1. Re:not enough power? by Anonymous Coward · · Score: 1, Informative

      They mean the post won't be powerful enough within the Homeland Security Dept. itself, not in an absolute sense.

      Being three levels deep within the organization means they will probably get a (relatively) small budget and generally be ignored.

  4. Re:See, we're doing something! Re-elect us! by the_2nd_coming · · Score: 2, Informative

    the thing with homeland security is that you will never realy know if it is effective because only a failure will be noticable and depending on how many plots were foiled before would tell you how effective HLSD is.

    --



    I am the Alpha and the Omega-3
  5. Re:yeah, 'cause the last position worked out so we by Dolly_Llama · · Score: 3, Informative
    why Ridge is head of Homeland Insecurity? Cause the poo baby lost his election for a congressional seat.

    I think you got your bureaucrats mixed up. Ashcroft was the one who lost an election (to a dead guy) and was then appointed to the cabinet.

    --

    Somewhere, something incredible is waiting to be known. -- Carl Sagan

  6. Re:Um...... by gruhnj · · Score: 2, Informative

    The military can handle its own. There is an Army MOS for this kind of stuff. Its any 74 series MOS, mostly 74B and 74C. (soon to be 31B and 31C). Any level 20 or higher personnel in this group should have taken System Administration/Network Security Level II, which amounts to a basic defense of Windows 2000+ and Solaris. Level 3 of this course has basic hacking. Level 4 is a full immersion into hacking, programming, etc. Anybody can take up to level two once MOS qualified. Level 1 is given in AIT. Level 2 is given at the post level. Upper levels are tracked and monitored who gets access to the class and is usually a TDY of 2 weeks for level 3, 6 weeks for level 4.

    Even without users at the end getting the higher levels of training, those at higher levels, (ACERT and RCERTS) take care of this at the initial levels of packets entering the network. By the time it gets to the end user, that packet has been filtered, logged, and all sorts of other stuff before you see it.

    For strike-back capability, we got units for that. For small stuff ask for a WO-2 or better.

    This works for the military where one can order people like me around. Civilains on the other hand it might not be such a great advantage.

    PFC Gruhn
    MOS 74B.
    SANS Lvl 2 qualified.
    HHD, 1PG, Fort Lewis