Homeland Security Adds Cybersecurity Position

Matimus writes "Information Week has a story about the new Cybersecurity position in the Department of Homeland Security. They have stated IT management is one of their six major concerns." From the article: "Homeland Security's decision to create an assistant secretary for cybersecurity and telecommunications is expected to be well received by Congress and IT advocates calling for better use of technology in securing the country's physical and virtual borders. In May, the House of Representatives passed a $34 billion budget for Homeland Security that called for elevating the nation's head cybersecurity official to assistant secretary status."

Technical or Political?

[lecithin]

What are the qualifications?

Will this be any type of technical position, or will it be political?

Re:Technical or Political?

[sleeper0]

??? You have to ask that? This is a political appointment, no position that high up or even several levels below would ever be considered technical.

Re:Technical or Political?

[adamplas]

I imagine it would be a bit of both. However, as politics and technology never seem to work well together, it would end up being the appointee's job to explain technical issues such as virus protection or cyber-attacks to those who have the power and money. I'd have to lean towards mostly political, and I think most IT workers would agree - just think of trying to convince a manager that a new firewall or server is needed. So, technical in the nature of keeping up on the current technology, but political in trying to convince lawmakers that the new technology is needed.

Re:Technical or Political?

Seeing how a spyware company executive is appointed to the Department of Homeland Security's privacy advisory board, I think you can guess the answer.

Re:Technical or Political?

[hoggoth]

> It will take a generation or 2 before there will be people in the governement that understand IT.

There will NEVER be people in government that understand IT. The mindsets are mutually exclusive.

One deals with hard facts which, when ignored, cause problems.

The other deals with sound bites that appeal to emotions; facts are irrelevant.

It has always been this way, and it always will... because in order to rise in politics you must win the approval of masses of people who don't understand the issues you are discussing, and you must currie favors with others in power and marginalize your opponents (whether or not they are "right" about any particular issue).

Re:Technical or Political?

[coflow]

I agree with your assessment, but I think it might not have always been this way. I think there was a short period of time when the founding fathers of the US moved from being revolutionaries to government officials that they were able to get actual work done. (Such as Hamilton's construction of the Treasury Department or Jefferson's State Department). I know the lack of partisan bickering didn't last long and modern political BS soon found its way, but I'd at least like to think there were at least a few years of real work being done by the govt.

Re:Technical or Political?

[Tackhead]

> Seeing how a spyware company executive is appointed to the Department of Homeland Security's privacy advisory board, I think you can guess the answer.

Yeah, but Gator's not spyware. Take it up with chick from Doubleclick, who now serves as HomeSec's Chief Privacy Officer.

Since we're now talking about a security position, can any of you Microsofties tell us if the guy who came up with Internet Explorer's zone-based security architecture is the same guy as the one who came up with the idea of integrating the web browser into the desktop? Because if they're the same person, I think we know who the cybersecurity czar's gonna be.

Re:Technical or Political?

[Golias]

There will NEVER be people in government that understand IT. The mindsets are mutually exclusive.

What the hell are you talking about? The creator of the Internet served for eight years as Vice President!

Re:Technical or Political?

[cayenne8]

"2. They can be very technically skilled in their field of study."

However, in so many cases....the tech work itself is now done by contractors, and the gov. is actively getting itself OUT of the technical end of most gov. projects.....and only allowing the govy's to provide oversite.

nice

[syncore]

What a good way to spend taxpayers' money.

Isolationist?

[JossiRossi]

Somehow I feel that the US government will not be happy until we have "secured our borders" until the government is entirely isolated.

Not the country mind you, just the government. I often seem to feel that the US government would be ALOT happier without citizens to get in the way too.

Re:Isolationist?

[Kainaw]

I often seem to feel that the US government would be ALOT happier without citizens to get in the way too.

And what business is different? I worked at Burger King and everyone complained that it would be so much easier without the customers. I worked at AMC theater and everyone complained that it would be so much easier without the patrons. I worked for a film company and everyone complained that it would be so much easier if they didn't have to distribute and show the movies. I taught at a university and everyone complained that it would be so much easier without the students. I'm now doing research at a hospital and everyone complains that it would be so much easier without all the patients. Why wouldn't the government find it easier without all the bothersome citizens?

Difficulty filling position

[coflow]

I wonder how they plan to compete with commercial interests that are willing to pay top dollar for individuals suitable to the task. I can't imagine DHS would pay what a Bank of America or Walmart would .

Re:Difficulty filling position

[coflow]

You can get fired at the level that this position is (although in the current administration it seems to be difficult to be fired). I don't think it's really a technician position. And I'll restate my claim that this position can't possibly pay what a bank or large retail operation would pay. I call on CIO's in both government and commercial settings, and the discrepancy in pay is amazing.

Re:Difficulty filling position

[J+Barnes]

If you're really curious, the payscales are published here:

http://www.opm.gov/oca/05tables/

Also, while the actual work in securing the IT network of a company like Walmart may be more substantial in some ways, having a credential like DHS on your resume and the associated security clearance would greatly increase your marketability once you have left the organization for the private sector.

If you're marketing yourself towards the security field, any security consulting company would salivate to have a high-level ex-government information security officer on the payroll.

Re:Difficulty filling position

[coflow]

I guess it depends on how you define competency. In the commercial world, in theory it should. But the reality is that many companies evaluate the CIO on how much they cut costs, not on the amount of value they drive. To me, that doesn't seem like it aligns pay with performance of the IT dept. And the CIO position is such a revolving door position. I think I read somewhere that the average tenure for a Fortune X00 CIO was on the order of 18 months.

Well...

[Nick+Driver]

Technically, it will be political, of course!

We're doomed.

[BaronSprite]

Another puppet official to tell us we need the death penalty for hackers?

I wonder how much of the money will go towards research to blow "terrorists" computers up, then since the technology is already around, let's just finish off all the file sharers.

Re:We're doomed.

[ScentCone]

Another puppet official to tell us we need the death penalty for hackers?

So, when a political party you like better happens to hold office, are the people they appoint to federal positions "puppets" too? Is anyone that's hired to do a particular job, including following the policy guidance of the people that hired them, a puppet?

Have you ever had a job? Or better: have you ever hired anyone? If you did hire someone, would you only respect them if they did something other than what you asked them to do? See, because then they wouldn't be a puppet, right?

I wonder how much of the money will go towards research to blow "terrorists" computers up

Actually, that's more DOD's job. If a hostile network or group of people started using our networks to cause more damage than is already being done, you can bet that we can and should at the very least trash the networks they're using. Just like they'd do to us. When you consider that strictly "private sector" Russian mobsters can extort untold thousands of dollars from companies by coordinating massive DDoS attacks, imagine what, say, the government of China might try if they got pissy over Taiwan. We absolutely need people focusing on how to unplug them as needed. At the very least.

Round 2

[esmokey]

"That person also will be called upon to gather critical-infrastructure threat information and lead the national response to cyber and telecommunications attacks."

They're trying to break up Microsoft again?!

Honestly... .

[guildsolutions]

We would never in a million years read private, innocent citizens emails. Why on earth would you think we would even want to?

Oh Btw, your under arrest for sharing Peter Pan on Kaaza

America doesn't have any virtual boarders

[Weaselmancer]

...otherwise how in the world can we arrest an Australian for software piracy???

Great Firewall of USA ?!?!?

[morcego]

Securing the virtual border ?
I'm not sure about you, but that smells like they are planning to firewall USA ?
Whats next ? Content filtering ?

This actually is a BIG DEAL...

[nweaver]

The previous cybersecurity position in the DHS (where the directors had the job expectation of a Drummer in Spinal Tap) was several rungs lower on the totem pole.

Making it an assistant secretary position is a big increase in authority, which should (hopefully) translate into some significant action.

Re:This actually is a BIG DEAL...

[$RANDOMLUSER]

Yeah. It's the "significant action" we're worried about.

Linux is Communism.
File sharing is Terrorism.
Encryption is Treason.

Virtual borders? What about real interests?

[joelsanda]

"Homeland Security's decision to create an assistant secretary for cybersecurity and telecommunications is expected to be well received by Congress and IT advocates calling for better use of technology in securing the country's physical and virtual borders.

Why do people insist on seeing borders on the Internet? The word itself is composed of "inter" and "network". By applying the metaphor of "border" (either physical or (duck ... incoming cliche) "virtual") they're in essence calling the "internet" an "innerlan".

I hope the DHS can move beyond that limited and sophmoric understanding and instead realize we have interests - not borders. There are no borders on the Internet (excusing the valiant if not wrong efforts of the Chineses).

What if DHS instead focused on our interests: a secure platform for business and government and an accessible platform for communication? What they do afterwards is debatable from now until way past the end of time, but I think their metaphors are so misguided they jeopardize later efforts.

In focusing on the concept of 'borders' on the Internet the leave the chute with shaky reasoning and risk all the problems always associated with a poor meta-understanding of their goals.

Re:Virtual borders? What about real interests?

[Irish_Samurai]

The Internet does have borders. You have LAN and WAN. Is a LAN part of the WAN? Not necessarily.

Another exmple would be my home network and the network I have at work. Sometimes I can VPN to the office network. Other times My network is separate. That would be an amazing trick with your so called "borderless" internet.

The machines that run the internet physically exist, as does the structures in place to relay the data. Sever these streams and the data reroutes itself to get to the desired destination. It takes a border to make an obstruction. Take this one step further and sever all data conduits. You now have an island, and that has borders.

Your "Inter" and "network" statement is not quite accurate either. "Inter" also means between. Between networks would be a more accurate definition.

And what is Meta - understanding? Comprehension of the particulars of understanding? Their goals would seem to be to regulate certain traffic between specific points of the internet, mainly those that physically reside within the US borders. They need a guy to show them how. So I think they have the Meta-understanding thing under grasp.

Yet, I do believe that whomever they chose, he will F it up royally.

Gov and Technology

[Hategiants]

I'm a firm believer that the DHS has no place in its present state dealing with 'technology.' They clearly have their hands full with remarkably menial tasks.

Even so it is yet another powerless position that we as tax payers must foot the bill for, let the bloating continue!

Re:Secretary Duties

[AtariAmarok]

"The assistant secretary... will he have to do jobs like answer the phone and take messages?"

American government department bosses are called secretaries, which leads many non-Americans to wonder if all they do is sit and answer the phone. Non-American government department bosses are called ministers, which leads many Americans to wonder why foreign governments seem to all be run by clergy.

What will you say?

[grimharvest]

One of these days you'll be telling your grandchildren what it was like to have an internet be as free and open as the frontier once was (though obviously with perils of its own just like the frontier had). If the kids ask which you prefered, chaotic but free, or secure but controlled, what will you say?

Re:What will you say?

[Doctor+O]

Hey, these are my grandchildren. They were raised by one of my children who was raised by me and who, therefore, has been greatly exposed to my attitude towards many of those complex social and technological issues the net gives us. I doubt they'll ask me such a stupid question at all.

Or so I hope, my children are both still quite young, and after all they're unique individuals anyway, so anything might happen. Maybe they even don't develop any interest for computers, and I sure won't be pressing them into it for we all know how shitty working with computers is most of the time in the Real World(TM) for most of the people.

But I digress. Back in the old days in CompuServe, there was a time when they were checking ID and not allowing people to 'join' without. Only real names were allowed and set by CIS according to your ID. That was actually a Good Thing. I talked to Al Gore and can say for sure that it was him. That was back in 1994. Heck, I even talked to Douglas Adams and can be sure it was really him. (His style was very characteristic anyways, which was great fun.) If someone stalked or harassed you, you'd simply submit his message or mail to the CIS sysops and they'd take care of it, even banning people for continued harassing. They usually couldn't rejoin CIS without a change of ID (see above).

Those were Great Times. There was a very friendly atmosphere. There was no spam. I say it again so that it can sink into your conscious mind. There. Was. No. Spam. I remember years of email without a single spam. I remember finding the first one really odd (it was the notorious Svetlana stuff, Russian brides for sale) and thinking that this is so pointless that it won't be successful and dying out. The problem was only beginning when they opened their system to the Internet in around 1995. The restrictive access was a good thing.

So actually, to finally get back on topic, things aren't that easy. "Freedom and chaos" aren't inherently good, it's a *lot* more complex. Accountability would solve almost all of the problems we have today. Think about spam. Think about DDoS. Think about the social consequences. Hell, even think of arbritary things like ecommerce, it would be secure for both sides. The back side, of course, stays the surveillance scenario everyone of us fears. I am German. I for sure don't want to live in a country ruled by all-knowing totalitarists, my grandparents told me enough about it.

Which closes the circle. I really need recovery. *goes off to de.alt.sysadmin.recovery*

Re:Secretary Duties

[the_weasel]

Yes the whole system is quite confusing. I suggest we adopt the following system.

The assistant to the government boss can be called an Earl. His boss will be a duke. The leader of the nation shall be called King, who will be served by His Grand Viziers, drawn from the Dukes who have been most loyal, or who have helped keep the King in power.

Naturally after some time, his son the Prince can take over when the King mucst step down - though there may be a short term of unpleasentness as the Regent governs for a period.

Doh

[sickboy85]

Damnit. Now worms etc will become a matter of "national security" and they'll be able to prosecute the hell out of whoever crafts them.

Re:Shit.

[BigZaphod]

Offtopic? The government tends to screw up most things it touches and the idea that it wants to grope the net even more than it already does is slightly annoying/disturbing - especially from the department of homeland security!

"We must censor the internet or else the terrorists will crash a web server into the White House! Think of the children on tours!"

Help Wanted -- MCP over the age of 9.

[infonography]

Apply Homeland Security Administration Dept of Buzzwording. Security Clearance not required.

They definitely need the help

[IO+ERROR]

They can't even keep their own web site running!

Cyberfoo

[GileadGreene]

Can I just mention that I think the term "Cybersecurity" is stupid. Really, really stupid. really, really, really stupid. Actually, that goes for all the other Cyber- stuff that seems to pervade the internet these days too.

"Cyber" is derived from the Greek word for "pilot", or "controller". Norbert Wiener introduced the term into English when he started talking about "Cybernetics" - which was his term for complex feedback control systems (Cyber. Control systems. Kinda makes sense, huh?). How we morphed from Wiener's original usage to the current fad for prefixing "Cyber" onto some random word in order to make it seem computer-related (not even control-related!) is beyond me. Although I'm sure William Gibson deserves a pretty large portion of the blame.

I've got a bad feeling about this...

[The+Angry+Mick]

Today in computer security news, Homeland Secretary Michael Chertoff announced that the new Director of Cybersecurity will be Jeff McFadden, former president and CEO of the Claria Corporation. Citing Claria's extensive presence at the forefront of the cyber security wars raging across the Internet, Chertoff said he couldn't think of another candidate better suited to the job.

Respect?

[phorm]

If you did hire someone, would you only respect them if they did something other than what you asked them to do? See, because then they wouldn't be a puppet, right

Depends on presentation. If said person showed me I was doing something wrong, and offered a better way I'd be happy. Their job is more efficient, mine is easier... works great. The difference is in agenda. The current agenda of the government often seems contrary to the needs or well-being of its citizens, but the purpose of the government is to meet the needs of said citizens. Thus, when government creates a position which under the mystique works against the citizens, it is working against the purposet of the position.

It is the fact that the government itself is corrupt to the point where they directly oppose the purpose of their own creation that puppets origate.

Re:Respect?

[ScentCone]

but the purpose of the government is to meet the needs of said citizens.

But that's just not true! It's up to you, and to me, to meet our own needs. There are certain select things that are best met by using our taxes and working with an authority than can act on our behalf. National defense is probably the single most important and appropriate example of that. That our nation absolutely faces real threats - large and puny - from people taking advantage of our highly networked society means that it's totally appropriate for an agency like DHS to have a person in the role mentioned. There's no "mystique" involved, other than that which you manufacturer just by saying it exists (without mentioning what exactly about that person's role is contrary to our interests).

It is the fact that the government itself is corrupt to the point where they directly oppose the purpose of their own creation that puppets origate.

Do you mean that the form of government (a republic) is inherently corrupt? It's got plenty of rough spots, but it's less corrupt than any other form of government yet seen. And when we don't like the way it's run, or what it costs, or how it does or doesn't defend us, we just swap out the employees for another set. That's the exact and ongoing cure for corruption. Certainly you don't want people selling overnights in the Lincoln Bedroom for political contributions, or taking large sums of campaign money from Chinese interests through California monestaries, or mysteriously "finding" long-ago-suboeonaed law firm records on a table in the White House, or using the last hour or two of your administration to issue pardons to aggregious international money launderers with family members funding your personal library project, or not liking the way that an election turned out and picking just a few zip codes where you know you might find more votes and getting a state court to invent some new rules allowing you to pick and choose how you want them counted... you're right, corruption is definately an issue to watch for.