Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier Says We Don't Need a Cybersecurity Czar

Posted by timothy on from the but-sir-these-polls-show-that-you're-winning dept.

Trailrunner7 writes "Threatpost.com reports that security guru Bruce Schneier says not only should the NSA not run cybersecurity for the federal government, no one should. 'Really what I think is it shouldn't be anybody. We do better without a top-down hierarchy. Our economic and political systems work best when there isn't a dictator in charge, when there isn't one organization in charge. My feeling is there shouldn't be one organization in charge. Not only shouldn't it be the NSA, it shouldn't be anybody,' Schneier said."

8 of 173 comments (clear)

  1. Our economic and political systems by Culture20 · · Score: 4, Interesting

    Our economic and political systems work best when there isn't a dictator in charge

    Next in News: Bruce Schneier asked to be member of a Cybersecurity Tribunal.

  2. Makes sense by Captain+Splendid · · Score: 4, Interesting

    The internets are decentralized (mostly), so why shouldn't the security model be?

    --
    Linux, you magnificent bastard, I read the fucking manual!
  3. The business generalization is too crude by hey! · · Score: 4, Interesting

    Top down works -- for managing the efficient, repeated performance of a task with well defined and stable success criteria, and where performance can be improved incrementally by local adjustments. Top down has a place in the world. When consistent is at a premium, top down is the way to go.

    Bottom up works too -- for tasks that involve things that are too complex and fluid for a single person or chain of command to comprehend and react to. Where creativity is at a premium, bottom up is the way to go.

    No structure works too -- for tasks where there is a body of people who understand every part of that task. Think a Shaker barn raising. When you have a body of people who've mastered every aspect of a task and everyone can see what task needs more hands, then no structure is the way to go.

    It seems to me that something like cybersecurity needs a bit of each approach. It's organizationally difficult, if not impossible to approach such a problem perfectly. However, I think the rough appearance of a structure to handle this would be top down with expertise pushed out to the various groups in the organization and discretion allowed.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  4. Examples of oversight committees working, please by Anonymous Coward · · Score: 3, Interesting

    All regulatory agencies, oversight committees, etc. are taken over by the regulatees.

    This is a law of human social system-level nature as inexorable as the law of gravity.

    History is full of layers and layers of oversight, none of which substitute for the self-interest of the operational group doing their job 'right'.

    That doesn't happen very often even in large corporations, is rare in government : precisely what you expect from the relative levels of self-interest of employees in these orgs.

    I have worked in organizations from startups through state and federal governments. I am currently in a 30-person small network products company. As a generalization, I find that startups generally work, small organizations do quite often, but the larger the organization and the less connected the employees with management, the worse they execute,

  5. The "tyranny of the hierarchy" by macraig · · Score: 4, Interesting

    Schneier seems to instinctively grasp what so many people don't: the hierarchical nature of virtually all human organizations - and derived from that vestigial alpha-male instinct - is prone to corruption, subversion, and ultimately ethical failure. Or to quote the old cliche: the Peter Principle applies here, with a twist: it's often the least ethical scum that rises to the top, not the least capable. Even the supposedly democratic United States government is organized in such a fashion, and the successful treasonous behavior of the Bush administration is a useful demonstration of how it can go wrong very quickly.

    What Schneier is very reasonably suggesting is that we lessen that hierarchy, not add to it.

  6. Re:No overlord necessary. by Farmer+Tim · · Score: 3, Interesting

    I, for one, would be happy with an oversight committee that does its job.

    oversight: (n) an unintentional failure to notice or do something.

    Job descriptions don't come more accurate than that...

    --
    Blank until /. makes another boneheaded UI decision.
  7. Re:dictator or bureaucracy? by sethstorm · · Score: 3, Interesting

    The one that exists in the private sector, and controls government.

    Or:

    The one that exists as a foreign government that controls us via large amounts of debt and/or business lobbies.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
  8. why NSA shouldn't be used for defense by SethJohnson · · Score: 3, Interesting



    The problem with the NSA is that it IS part of the intelligence structure. If you insert them as a defensive player, more often than not, they will take absolutely NO action in order to protect their spying capabilities.

    At present, nobody knows exactly what the reach is of the NSA. Nobody knows what they can and can't hear. If you task them with defending assets, each probe or attack reveals new information about what the NSA has at their disposal, depending on what the response is. I really don't think the NSA is willing to compromise the secrecy of its capabilities in order to thwart hackers.

    Seth

    --
    $5 / month hosted VPS on linux = awesome!