New Bill Could Shift Federal Cybersecurity Work From DHS To White House
CNet reports on legislation currently being drafted that would transfer federal cybersecurity responsibilities away from the Department of Homeland Security. Instead, they would fall under the authority of the Executive Office of the President, creating an Office of the National Cybersecurity Advisor. A tech commission recommended relieving the DHS of cybersecurity responsibilities late last year, saying it simply wasn't prepared to deal with organized online threats. More recently, the director of the DHS's National Cybersecurity Center resigned, citing interference from the NSA. The new legislation would "put the White House National Cybersecurity Advisor in charge of coordinating cyber efforts within the intelligence community and within civilian agencies, as well as coordinating the public sector's cooperation with the private sector. The advisor would have the authority to disconnect from the Internet any federal infrastructure networks — or other networks deemed to be 'critical' — if found to be at risk of a cyberattack. The private sector will certainly speak out if this provision is included in the final draft of the bill, a representative of the technology industry who spoke on condition of anonymity said."
Something tells me that the DHS "Ministry of Love" will not lose all of its capability in cybersecurity scaremongering and related sabotage of citizen's rights. Instead, the White House will just have a "Ministry of Truth" spreading its own brand of FUD and fostering oppression of legitimate activities. Expect considerable inconsistency between the two, possibly including persecution competitions: "we're tougher than them" and suchlike.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
I'd support dropping DHS as a ludicrous "master agency" whose proposed components correctly ignored it. But who will handle cyber security, which is in fact a large and growing problem.
FBI? Not competent, and can't deal with international issues.
CIA? Also not competent, and can't legally deal with national issues.
NSA? They have the technical expertise, but no political sense. They're far, far, far too criminal, and primarily takes in information: they seem congenitally handicapped from giving out necessary or truthful information. (See their Clipper Chip and Skipjack fiascos, that "so complicated no one can be bothered with it" nightmare known as SELinux, their warrent-free tapping of the AT&T backbones with fiber-optic splitters and secret rooms, and numerous misadventures for the last 30 years.)
Secret Service? Less competent than the CIA, despite their existing role in handling wire fraud, which they do very badly.
DIA? Apparently competent, but _not_ legally equipped to deal with civilians.
The result is that there is no agency with the legal support and the technical capability to deal with this mess, especially since so much of it is the fault of the federal government for their history of insane policies on encryption and authentication technologies for public use. (Do you low-numbered Slashdot users remember Phil Zimmerman's PGP legal problemas, and having to sign multiple documents to get DES enabled versions of operating systems, and the craziness of 80-bit SSL keys?)