http://www.businessweek.com/technology/content/mar2008/tc20080320_011308.htm

By Keith Epstein
Business Week
March 21, 2008

Rod Beckström may seem like an unconventional choice to be the nation's top cybersecurity watchdog. On Mar. 20, the Bush Administration named Beckström head of the National Cyber Security Center, an interagency group quietly created by a national security directive signed by President Bush in January.

Beckström, 47, is a Silicon Valley entrepreneur, a former derivatives trader, and a champion of conflict resolution in Africa. He's better known as the founder of business collaboration software provider Twiki.net and as an author specializing in the agility of decentralized organizations than for connections inside the Beltway or expertise in cybersecurity.

Is he really the best choice for defending U.S. computer networks from cyberattacks? Does Beckström have the bona fides to secure the government's computer systems, which have been penetrated with regularity in recent years, and against which the government has failed to orchestrate a coordinated, centralized response? Absolutely, say some network security professionals and insiders at the Pentagon, the National Security Agency, and the White House.

Decentralization Expertise

Who better to come against the splintered, decentralized bands of hackers and cybercriminals who pose the biggest threat to computing systems than an expert in, well, decentralization? Beckström highlights the benefits of not having a traditionally hierarchical, identifiable, and centralized organizational structure in The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations [1], a book he co-authored in 2006. For one, leaderless groups are more nimble. They can be more creative. Think of the creation and organic growth of Craigslist, Wikipedia, and even terrorist cells.
Then there are hackers, whose ability to mask identities, navigate the unregulated wilds of the Internet, and insert malware where chief information officers least expect it gives them disproportionate power and reach. Whether in the marketplace or the battlefield, the advantage goes to those who are harder to identify and locate, and who lack a clear headquarters or chain of command.

"Decentralization has been lying dormant for thousands of years," wrote Beckström and co-author Ori Brafman. "But the advent of the Internet has unleashed this force, knocking down traditional businesses, altering entire industries, affecting how we relate to one another, and influencing world politics."

Beckström and co-author Brafman add: "The absence of structure, leadership, and formal organization, once considered a weakness, has become a major asset. Seemingly chaotic groups have challenged and defeated established institutions. The rules of the game have changed."

Spider vs. Starfish

The title comes from organizational properties. "Spider" organizations are rigid and centralized. People follow the leader. Encounter big problems at the top and the entire structure collapses. Better to think like a "starfish," which moves forward thanks to the independent movement of multiple arms that can regenerate if severed.

The question now, of course, is just how far Beckström can take his thesis. He has supporters who think similarly in the Pentagon, where senior military officials have mentioned his book while discussing computer security issues and in gatherings of computer security specialists in the few weeks prior to Beckström's selection.

As one such security consultant noted in an early March presentation to computer-system managers working for defense contractors, power companies, and universities: "What sense does it make to let the enemy know the Air Force has a Cyber Command up and running?
Maybe it makes more sense to think as Rod Beckström advocates—dispersing our networks, spreading our response to them around, creating the same kind of uncertainty in their minds about where we are that we have about where they're coming from."

Federal bureaucracies have been struggling for years with hacker intrusions and attempts to manage varying efforts within agencies. But despite new laws and rules, new programs within individual agencies, and a 2003 national "strategy" intended to secure cyberspace, many government networks remain insecure. The General Accountability Office, the investigatory arm of Congress, last October noted that agencies often lack information security on their networks and had not secured data.

"We're simply stalled as a nation when it comes to cybersecurity," says Vic Maconachy, a former top computer science official with the National Security Agency. "We can no longer wait for someone to come along and lead the way."

The impulse for a coordinated fix is now accompanied in some circles by a yearning for a decentralized approach. Cybersecurity specialist Paul Kurtz, a former homeland security and national security official during the Bush and Clinton administrations, is among Beckström's fans. "Rod can help the government bureaucracy help itself," says Kurtz. "Rather than centralized command and control, Rod brings new thinking about how decentralized organizations can help defend government networks."

Beckström has made no bones about his criticism of the Bush Administration's approach to terrorism. "After 9/11…we took all the different police forces and intelligence forces and put them all under Homeland Security," he noted in a Jan. 1, 2007, interview with The Washington Post. "That was a major centralization move, and typical: When a fairly centralized player gets attacked by a decentralized force, like al Qaeda, the first reaction is to centralize further, and that's usually a strategic mistake."
Added Beckström in that interview: "We can centralize our opponents and decentralize our own activity."

A Serial Entrepreneur

Homeland Security Secretary Michael Chertoff welcomed Beckström in a brief statement, saying he would help government agencies "implement cyber security strategies in a cohesive way" and improve "situational awareness and information sharing." Chertoff noted Beckström has "unique entrepreneurial and creative business thinking."

A Homeland Security spokeswoman says Beckström is currently declining requests for interviews. Twiki.net, an open-source collaboration platform for businesses, including many blue chip companies, replaced its co-founder with Thomas Barton as interim CEO.

A native Oklahoman, Beckström started his first company at age 24 in a garage apartment. He was attending Stanford Business School at the time, and had previously worked in London for two years as a derivatives trader at Morgan Stanley (MS). By stringing together student and other loans, he created financial software that eventually became CATS Software. The software helped banks estimate the risk of derivatives used as a hedge against losses in currency and interest rates.

Beckström co-founded Mergent Systems, eventually sold to Commerce One, and has been an adviser to venture capitalists. He also serves on boards of African microlender Jamii Bora Trust and the Environmental Defense Fund.

Epstein is a correspondent in BusinessWeek's Washington bureau.

[1] http://www.amazon.com/exec/obidos/ASIN/1591841437/c4iorg