Cyber-security chief resigns in protest

Question of the Day

What has been the biggest debacle on Obama's watch?

View results

The official in charge of coordinating the U.S. government’s cyber-security operations has quit, saying the expanding control of the National Security Agency over the nation’s computer security efforts poses “threats to our democratic processes.”

“Even from a security standpoint, it is unwise to hand over the security of all government networks to a single organization,” said Rod A. Beckstrom, the head of the Department of Homeland Security’s National Cyber Security Center (NCSC) when speaking to United Press International.

“If our Founding Fathers were taking part in this debate [about the future organization of the government’s cyber-security activities], there is no doubt in my mind they would support a separation of security powers among different [government] organizations, in line with their commitment to checks and balances,” he said.

In a letter to Homeland Security Secretary Janet Napolitano last week, Mr. Beckstrom said the NSA “dominates most national cyber efforts” and “effectively controls DHS cyber efforts through detailees, technology insertions and the proposed move” of the NCSC to an NSA facility at the agency’s Fort Meade, Md., headquarters.

“I believe this is a bad strategy on multiple grounds,” Mr. Beckstrom wrote in the letter, a copy of which was obtained by UPI. “The intelligence culture is very different than a network operations or security culture. In addition, threats to our democratic processes are significant if all top-level government network security and monitoring are handled by any one organization.”

Greg Garcia, who was the Bush administration’s first presidentially appointed head of cyber-security at DHS before leaving last December - and who worked with Mr. Beckstrom for nine months - told UPI that although he did not share Mr. Beckstrom’s anxiety, “I recognize the cautionary flag he is raising.”

Mr. Beckstrom’s resignation - after less than a year in office - comes as the Obama administration moves to complete a 60-day review of the way cyber-security efforts are organized in the U.S. government. Successive administrations have wrestled with the complex problem of how to delineate and define the roles of various intelligence, military and security agencies in assuring the integrity of the nation’s computer networks, the vast majority of which are owned and operated by the private sector and depend for their efficacy on their open and accessible, and therefore security-unfriendly, architecture.

“There’s been a lot of duplication and not enough coordination,” Jessica Herrera-Flanigan, a former senior congressional staffer on the House Homeland Security Committee, told UPI.

Mr. Garcia said there had been a “fairly collaborative partnership, not just between NSA and DHS, but … with a whole lot of moving parts” and different agencies within the government.

“Clearly, both operationally and technologically, the intelligence community is a key element,” he said of the sprawling and sometimes fractious collection of spy agencies that serve the U.S. government. But he said DHS’ role had to be primary “from a legal standpoint and from a trust and privacy standpoint.”

“Unlike the [Department of Defense] or the intelligence community, DHS has a statutory responsibility to work across all levels of federal, state and local government and the private sector,” he said.

DHS has come under fire for its cyber-security work, with some criticizing an approach they saw characterized by turf squabbles and overlapping and contradictory lines of authority. Some, most recently including Director of National Intelligence Dennis C. Blair, have called for a greater role for U.S. intelligence agencies in cyber-security as a result of the 60-day review, which is being led by an official in Mr. Blair’s office.

Mr. Garcia acknowledged what he called “growing pains” in DHS’ cyber-security efforts but maintained it would be a mistake to shift primary responsibility for the issue away from the department.

“If there were a move,” as a result of the 60-day review, “to centralize or focus cyber-security strategy on the intelligence community, that would jeopardize the relationship we [at DHS] built up over several years with the private sector.”

Another Bush administration DHS official, former Assistant Secretary for Policy Stewart Baker, told UPI that although Mr. Beckstrom’s criticism of the NSA’s role was receiving more media attention, “I suspect his frustration was driven as much by the funding and organizational issues as by NSA.”

In his resignation letter, Mr. Beckstrom wrote that “the NCSC did not receive appropriate support inside DHS. … During the past year, the NCSC received only five weeks of funding, due to various roadblocks engineered within the department and by the Office of Management and Budget.”

“Someone canceled all our contracts for office space, computers and furniture … without telling us,” he told UPI. “I never had a one-on-one meeting with the new secretary, although I reported directly to her … and last year, there were only five weeks during which we had access to the money to make hires, rent office space and buy equipment we needed.”

“He came from a very different background” than most federal officials, said Miss Herrera-Flanigan of Mr. Beckstrom, who was a Silicon Valley entrepreneur and author before joining the department.

“There was a big challenge” for him in negotiating “the dynamics between the different players” in the department, she said. “Unless he was given the authorities to coordinate across the department, it would have been a problem,” she added.

Mr. Beckstrom said the center he ran, set up to oversee and coordinate all federal government cyber security activity, “has a role which is much coveted by others in government, so there were natural tensions.”

“Rod is a friend and a remarkable talent,” Mr. Baker said. “He understood Washington much better than most in Silicon Valley. His inability to move the bureaucracy shows how deep is the divide between government and the tech community.”

Department spokeswoman Amy Kudwa told UPI that DHS “has a strong relationship with the NSA … and is fully engaged with the 60-day cyber-security review. … We look forward to our continued, positive working relationship with all our partners on outreach to the private sector as we strive to further secure our nation’s cyber networks.

“We thank Rod for his service, and regret his departure,” she concluded.

The NSA’s public affairs office referred requests for comment to DHS.

Comments
blog comments powered by Disqus