Slashdot Mirror


Schneier Says We Don't Need a Cybersecurity Czar

Trailrunner7 writes "Threatpost.com reports that security guru Bruce Schneier says not only should the NSA not run cybersecurity for the federal government, no one should. 'Really what I think is it shouldn't be anybody. We do better without a top-down hierarchy. Our economic and political systems work best when there isn't a dictator in charge, when there isn't one organization in charge. My feeling is there shouldn't be one organization in charge. Not only shouldn't it be the NSA, it shouldn't be anybody,' Schneier said."

23 of 173 comments

  1. Our economic and political systems by Culture20 · · Score: 4, Interesting

    Our economic and political systems work best when there isn't a dictator in charge

    Next in News: Bruce Schneier asked to be member of a Cybersecurity Tribunal.

    1. Re:Our economic and political systems by Cornwallis · · Score: 4, Insightful

      Hah! Since he dares question the powers-that-be: Next in News: Bruce Schneier to be tried by Cybersecurity Tribunal.

  2. Makes sense by Captain Splendid · · Score: 4, Interesting

    The internets are decentralized (mostly), so why shouldn't the security model be?

    --
    Linux, you magnificent bastard, I read the fucking manual!
    1. Re:Makes sense by Shakrai · · Score: 5, Informative

      The cybersecurity czar would more likely than not be mostly responsible for making sure that the public perceives that the feds are actually doing something while actually accomplishing very little other than to direct a few contracts to vendors who donated the right amount of money and/or were buddies of his while he was in school.

      Fixed that for you. Given the track record of the other "czars" appointed by the Federal Government, you'll forgive me for my skepticism.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Makes sense by flyingsquid · · Score: 5, Funny

      The problem isn't the basic idea of having a 'czar', which is a good idea. The issue is that we have too many czars appointed, so it has become difficult to keep track of them all and coordinate their efforts. What we need is a single individual given the executive power to oversee all of these czars, and appoint them, discipline them, and fire them at will, so as to centralize control of the czars. That person will be the Czar Czar.

    3. Re:Makes sense by Tanktalus · · Score: 3, Insightful

      Also known as The President?

      Mind you, maybe that's part of the problem ... and the Czar Czar should be the Speaker of the House...

    4. Re:Makes sense by snspdaarf · · Score: 4, Funny

      ....Gabor?

      --
      Why, without your clothes, you're naked, Miss Dudley!
  3. No overlord necessary. by Bentov · · Score: 4, Funny

    I, for one, would be happy without an overlord.

    1. Re:No overlord necessary. by Ethanol-fueled · · Score: 5, Insightful

      I, for one, would be happy with an oversight committee that does its job.

    2. Re:No overlord necessary. by Farmer Tim · · Score: 3, Interesting

      I, for one, would be happy with an oversight committee that does its job.

      oversight: (n) an unintentional failure to notice or do something.

      Job descriptions don't come more accurate than that...

      --
      Blank until /. makes another boneheaded UI decision.
  4. I love Schneier by PingXao · · Score: 5, Insightful

    He won't make any friends with the government research grant people with that attitude, though. Seriously, if you only occasionally read what Schneier has to say, and follow his advice and guidelines, you'll be more "secure" than 99% of everyone else. That's because 99% of the people (and companies) don't follow his advice, which is often simple and just requires a little effort and awareness. It's the "effort and awareness" thing that most people find challenging.

    1. Re:I love Schneier by moderatorrater · · Score: 4, Insightful

      I completely agree. The biggest point people need to take from Schneier is that security is more of a mindset than anything else. If you care about security and you're willing to take a little effort to achieve it, you can (at least until you get humans involved, then there will be a willing idiot almost every time). Encryption is a solved problem, XSS attacks are easily dealt with if you know what you're doing and head the problem off early in development, etc. The biggest thing that would be accomplished is just to get people thinking about it and dealing with it proactively.

  5. Cyber Security is OUR problem by Anonymous Coward · · Score: 4, Insightful

    I couldn't agree more. I wrote this blog post a few months ago arguing the exact same thing. There will always be crisis situations where government intervention and coordination may be necessary, but the first line of governance and management should be at the personal, community, and company level.

  6. The NSA is more qualified than DHS by MikeRT · · Score: 4, Insightful

    DHS is a hodgepodge of federal agencies that performs like the Keystone Cops in Gestapo uniforms. Not only is the NSA more qualified to take over federal infosec in a time of crisis, but it is statutorily safer for the general public because as a member of the intelligence community, it is not legally a part of the law enforcement apparatus. In order for information to flow to law enforcement, the NSA would not only have to be willing to cooperate, but have to jump a large number of hoops and hurdles to hand off the information. There are a lot of restrictions on the intelligence community with respect to information about Americans that simply don't exist for law enforcement like DHS.

    The real reason why we don't need a Cybersecurity Czar is that 99 times out of 100, the systems that are getting hacked are not sensitive systems. Who cares if the Department of Labor or Interior gets hacked here and there since the intelligence community and military are generally competent at securing their classified networks?

    1. Re:The NSA is more qualified than DHS by Beryllium Sphere(tm) · · Score: 5, Informative

      At the Department of the Interior, "Alan Balaran, a court-appointed special master, soon confirmed that a team of hackers could break into the trust accounting system with relative ease and then write checks on the trust funds". Those trust funds were held for the benefit of Native American nations, who filed a multi-billion dollar lawsuit over the security problems.

      There are sensitive systems all over.

  7. Czar? by DarthVain · · Score: 4, Insightful

    Better question is why the USA needs Czars of anything?

    Weren't they leaders of imperialist Russia?

    Why would that label seem appropriate?

  8. The business generalization is too crude by hey! · · Score: 4, Interesting

    Top down works -- for managing the efficient, repeated performance of a task with well defined and stable success criteria, and where performance can be improved incrementally by local adjustments. Top down has a place in the world. When consistency is at a premium, top down is the way to go.

    Bottom up works too -- for tasks that involve things that are too complex and fluid for a single person or chain of command to comprehend and react to. Where creativity is at a premium, bottom up is the way to go.

    No structure works too -- for tasks where there is a body of people who understand every part of that task. Think a Shaker barn raising. When you have a body of people who've mastered every aspect of a task and everyone can see what task needs more hands, then no structure is the way to go.

    It seems to me that something like cybersecurity needs a bit of each approach. It's organizationally difficult, if not impossible, to approach such a problem perfectly. However, I think the rough appearance of a structure to handle this would be top down with expertise pushed out to the various groups in the organization and discretion allowed.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  9. Examples of oversight committees working, please by Anonymous Coward · · Score: 3, Interesting

    All regulatory agencies, oversight committees, etc. are taken over by the regulatees.

    This is a law of human social system-level nature as inexorable as the law of gravity.

    History is full of layers and layers of oversight, none of which substitute for the self-interest of the operational group doing their job 'right'.

    That doesn't happen very often even in large corporations, is rare in government: precisely what you expect from the relative levels of self-interest of employees in these orgs.

    I have worked in organizations from startups through state and federal governments. I am currently in a 30-person small network products company. As a generalization, I find that startups generally work, small organizations do quite often, but the larger the organization and the less connected the employees with management, the worse they execute,

  10. Why an ANYTHING Czar? by Philip K Dickhead · · Score: 5, Insightful

    The second they use the term "Czar", to describe a person in administrative capacity over a regulatory body, they betray the authoritarian and anti-democratic ideology with which they conspire against representative government and individual rights and liberties.

    Czar is the Slavic rendering of Caesar. Why anybody sees this as an expediency worthy of trade-off for democratic involvement and oversight is a question I leave you, the dear reader, to resolve.

    --
    "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
  11. The "tyranny of the hierarchy" by macraig · · Score: 4, Interesting

    Schneier seems to instinctively grasp what so many people don't: the hierarchical nature of virtually all human organizations - and derived from that vestigial alpha-male instinct - is prone to corruption, subversion, and ultimately ethical failure. Or to quote the old cliche: the Peter Principle applies here, with a twist: it's often the least ethical scum that rises to the top, not the least capable. Even the supposedly democratic United States government is organized in such a fashion, and the successful treasonous behavior of the Bush administration is a useful demonstration of how it can go wrong very quickly.

    What Schneier is very reasonably suggesting is that we lessen that hierarchy, not add to it.

  12. Bruce Schneier Facts by brunes69 · · Score: 3, Funny

    Bruce Schneier's secure handshake is so strong, you won't be able to exchange keys with anyone else for days.

    http://geekz.co.uk/schneierfacts/

  13. Re:dictator or bureaucracy? by sethstorm · · Score: 3, Interesting

    The one that exists in the private sector, and controls government.

    Or:

    The one that exists as a foreign government that controls us via large amounts of debt and/or business lobbies.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
  14. why NSA shouldn't be used for defense by SethJohnson · · Score: 3, Interesting



    The problem with the NSA is that it IS part of the intelligence structure. If you insert them as a defensive player, more often than not, they will take absolutely NO action in order to protect their spying capabilities.

    At present, nobody knows exactly what the reach is of the NSA. Nobody knows what they can and can't hear. If you task them with defending assets, each probe or attack reveals new information about what the NSA has at their disposal, depending on what the response is. I really don't think the NSA is willing to compromise the secrecy of its capabilities in order to thwart hackers.

    Seth