Schneier Says We Don't Need a Cybersecurity Czar

Trailrunner7 writes "Threatpost.com reports that security guru Bruce Schneier says not only should the NSA not run cybersecurity for the federal government, no one should. 'Really what I think is it shouldn't be anybody. We do better without a top-down hierarchy. Our economic and political systems work best when there isn't a dictator in charge, when there isn't one organization in charge. My feeling is there shouldn't be one organization in charge. Not only shouldn't it be the NSA, it shouldn't be anybody,' Schneier said."

I love Schneier

[PingXao]

He won't make any friends with the government research grant people with that attitude, though. Seriously, if you only occasionally read what Schneier has to say, and follow his advice and guidelines, you'll be more "secure" than 99% of everyone else. That's because 99% of the people (and companies) don't follow his advice, which is often simple and just requires a little effort and awareness. It's the "effort and awareness" thing that most people find challenging.

Re:I love Schneier

[moderatorrater]

I completely agree. The biggest point people need to take from Schneier is that security is more of a mindset than anything else. If you care about security and you're willing to take a little effort to achieve it, you can (at least until you get humans involved, then there will be a willing idiot almost every time). Encryption is a solved problem, XSS attacks are easily dealt with if you know what you're doing and head the problem off early in development, etc. The biggest thing that would be accomplished is just to get people thinking about it and dealing with it proactively.

Re:No overlord necessary.

[Ethanol-fueled]

I, for one, would be happy with an oversight committee that does its job.

Cyber Security is OUR problem

I couldn't agree more. I wrote this blog post a few months ago arguing the exact same thing. There will always be crisis situations where government intervention and coordination may be necessary, but the first line of governance and management should be at the personal, community, and company level.

The NSA is more qualified than DHS

[MikeRT]

DHS is a hodge podge of federal agencies that performs like the Keystone Cops in Gestapo uniforms. Not only is the NSA more qualified to take over federal infosec in a time of crisis, but it is statutorally safer for the general public because as a member of the intelligence community, it is not legally a part of the law enforcement apparatus. In order for information to flow to law enforcement, the NSA would not only have to be willing to cooperate, but have to jump a large number of hoops and hurdles to hand off the information. There are a lot of restrictions on the intelligence community with respect to information about Americans that simply don't exist for law enforcement like DHS.

The real reason why we don't need a Cybersecurity Czar is that 99 times out of 100, the systems that are getting hacked are not sensitive systems. Who cares if the Department of Labor or Interior gets hacked here and there since the intelligence community and military are generally competent at securing their classified networks?

Czar?

[DarthVain]

Better question is why the USA needs Czars of anything?

Weren't they leaders of imperialist Russia?

Why would that label seem appropriate?

Re:Our economic and political systems

[Cornwallis]

Hah! Since he dares question the powers-that-be: Next in News: Bruce Schneier to be tried by Cybersecurity Tribunal.

Why an ANYTHING Czar?

[Philip+K+Dickhead]

The second they use the term "Czar", to describe a person in administrative capacity over a regulatory body, they betray the authoritarian and anti-democratic ideology with which they conspire against representative government and individual rights and liberties.

Czar is the Slavic rendering of Caesar. Why anybody sees this as an expediency worthy of trade-off for democratic involvement and oversight is a question I leave you, the dear reader to resolve.