The revolving door at the Department of Homeland Security’s National Cybersecurity Center continues to spin at warp speed, with the announcement late last week that yet another U.S. cybersecurity czar is leaving the agency.
Rod Beckstrom, who became NCC director a year ago, complained in his resignation letter about interference with his duties coming from the National Security Agency. Beckstrom, a former Silicon Valley entrepreneur, also said his agency suffered from a lack of funding as it tried to coordinate efforts to protect the nation’s information infrastructure.
The bad news about Beckstrom’s resignation: He joins a long list of cybersecurity czars who since Sept. 11, 2001, never manage to stay longer than 18 months in the position thanks to internecine politics. The good news regarding his departure? Private sector security experts say it gives the new Obama administration a chance to put its own stamp on how the U.S. can better protect its government and civilian networks.
The administration is in the middle of a 60-day review of government cybersecurity proposals begun last year by George W. Bush.
A Chance for NCC to Regroup
Beckstrom’s decision to leave government service was little surprise to both Gary McGraw, chief technology officer at Cigital, and Gary Moore, chief architect at Entrust.
“These guys don’t tend to last long, and the ones who are really good really don’t last long,” McGraw told TechNewsWorld. McGraw mentioned Amit Yoran, who served in the post from September 2003 to October 2004. “We all thought Amit was crazy and wished him the best and were not surprised it didn’t stick.”
The change represents an opportunity for the government to refocus its priorities regarding cybersecurity, said McGraw. “I’d like to see the Obama administration take a leadership role in cutting through the interagency politics associated with cybersecurity. There’s been a real paradigm shift in commercial software security in the past 10 years, but the government has not made as much progress as companies like Microsoft and Google, and some of the major banks have” in this arena, he said.
What’s needed here, McGraw says, is an epiphany along the lines of former Microsoft CEO Bill Gates’ “trustworthy computing” memo of January 2002, when he notified all employees that the company would rededicate itself to promoting secure software environments.
“That was a leadership moment, and we need that for the country now. We also need somebody to carry out those activities.”
Redrawing the Lines
“There are definitely so many forces at play within the government when it comes to cybersecurity; a director is facing a challenge when they get in office and want to move something ahead,” Moore told TechNewsWorld.
Beckstrom may have a point with his complaints that the NSA was taking too big a role in infrastructure protection, Moore said. “They (the NSA) are a great bunch of guys, very intelligent, and they know what they need to do to make sure the intelligence community is protected, but that doesn’t always apply when you bring it down to an agency like Treasury, which is trying to work with consumers. Until they get more cooperative arrangements, they’ll keep seeing this.”
Obama has appointed Bush cybersecurity holdover Melissa Hathaway to conduct the 60-day review, and many observers believe she will be offered Beckstrom’s job when that is complete. She has garnered positive reviews for the few public comments she’s made tying civilian hacking threats like private sector intrusions and ID theft to the same kinds of techniques that could be favored by rogue nations and military spymasters working for foreign governments.
“When you start looking at it from that perspective, not just the big picture — protecting the government — but how it also goes down to a very personal level, and how it (cybersecurity) is starting to have an impact on things like economic recovery, that’s a whole different way of having to look at things that government is not quite at yet,” Moore said.