[ISN] What's Up with the Secret Cybersecurity Plans, Senators Ask DHS

From: InfoSec News (alerts@private)
Date: Mon May 05 2008 - 00:50:20 PDT


http://blog.wired.com/27bstroke6/2008/05/senate-panel-qu.html

By Ryan Singel 
Threat Level
Wired.com
May 02, 2008 

The government's new cyber-security "Manhattan Project" is so secretive 
that a key Senate oversight panel has been reduced to writing a letter 
to beg for answers to the most basic questions, such as what's going on, 
what's the point and what about privacy laws.

The Senate Homeland Security committee wants to know, for example, what 
is the goal of Homeland Security's new National Cyber Security Center. 
They also want to know why it is that in March, DHS announced that 
Silicon Valley evangelist and security novice Rod Beckstrom would direct 
the center, when up to that point DHS said the mere existence of the 
center was classified.

Those are just two sub-questions out of a list of 17 multi-part 
questions centrist Sens. Joe Lieberman (I-Connecticut) and Susan Collins 
(R-Maine) sent to DHS in a letter Friday.

In fact, although the two say they asked for a briefing five months ago 
on what the center does, DHS has yet to explain its latest acronym.

The panel noted it was pleased with the new focus on cyber security,
but questioned Homeland Security's request to triple the center's 
cyber-security budget to about $200 million.

They cited concerns about the secrecy around the project, its reliance 
on contractors for the operation of the center and lack of dialogue with 
private companies that specialize in internet security.

That center is just one small part of the government's newfound
interest in computer security, a project dubbed the Comprehensive 
National Cybersecurity Initiative, which has been rumored to eventually 
get some $30 billion in funding.

Little is known about the initiative since it was created via a secret 
presidential order in January, though the Washington Post reports that 
portions of it may be made public soon.

    We are also concerned that the lack of information about the CNCI 
    being provided to the public, other agencies, and private entities 
    that conduct business with the government might be creating 
    confusion and concern about the initiative. Given the broad nature 
    and goals of this initiative, agencies may be less likely to plan 
    for their future information technology needs, fearing that systems 
    they purchase might not comply with the initiative. Similarly, 
    industry will be less likely to do business with the government 
    given the uncertainty about future technical requirements. 
    Additionally, the public, of course, must be reassured that efforts 
    to secure cyber networks will be appropriately balanced with respect 
    for privacy and civil liberties.

Why might citizens be worried about privacy and civil liberties? 
Consider that the whole initiative appears to have been launched after 
the Director of National Intelligence told President Bush that a
cyber attack might wreak as much economic havoc as 9/11 did.

Consider that the NSA, which currently protects classified networks, 
wants to expand into protecting all non-classified federal government 
networks. Consider that Congress is set to legalize the NSA's monitoring 
rooms in the nation's phone and internet infrastructure.

For its part, the FBI says it also needs access to the internet's 
backbone, while the Air Force is hyping its own efforts at cyber defense 
and offense. Meanwhile, THREAT LEVEL's sister blog Danger Room reports 
that DARPA is getting in on the hot cyber-action, with a project to make 
a fake internet to develop new cyber attacks and defenses.

It's been said many times that if the government knew what the internet 
was going to become when it grew up, they would have never let it out of
the lab.

Now it seems the only question is whether the government will be able to 
turn the net into a controllable, monitorable and trackable pre-internet 
AOL-type service or whether the chaotic net will live on as just another 
frontier for the military-industrial complex to start an arms race and
rake in billions of government dollars.





This archive was generated by hypermail 2.1.3 : Mon May 05 2008 - 01:09:34 PDT