Homeland Security Watch

News and analysis of critical issues in homeland security

August 26, 2008

Cyber Splits Public & Private Sector

Filed under: Cybersecurity — by Jonah Czerwinski on August 26, 2008

Whatever happened to the public-private partnership? There may be a disconnect between what the private sector says is necessary to better secure cyber space and what the government is willing to do, according to a piece the LA Times runs today highlighting a rift between cyber experts among the private sector and the government, suggesting the latter is not taking the threat seriously.

Is this a symptom of Administration fatigue, wherein the political appointees assume they can’t make progress this late in the game so why try? Or is this a tough love approach wherein the Administration actually wants the private sector to secure its own dang databases?

Jerry Dixon, the previous director of the National Cyber Security Division at DHS is quoted as assessing that “Nothing is happening.” He believes that Washington needs to do much more to protect consumers, businesses, and the government from cyber attacks by criminals, state-based or rogue.

The report suggests two reasons for how we got here: First, the government embraces the notion that the private sector is better suited to deal with this problem. Second, because so many people are in charge of cyber, no one is.

Personifying the hands-off approach, the Director of the National Cyber Security Center (located at DHS) delivered a keynote address at this month’s Black Hat convention in Vegas. His remarks there discussed economic theory, why Abraham Lincoln was the nation’s “first wired president,” and that the financial industry and others needn’t spend more on cyber security than they already do.

The LA Times quotes from his speech, “Over time, the banking industry is pretty rational. So they’re probably doing a good job on investment.” He added that “private security spending in general was probably at about the right level.”

Apparently this was not the answer experts were seeking. The story describes how executives in attendance “grumbled that Lincoln had nothing to do with protecting their corporate networks.”

We’ve covered here the ways on which DHS needs to get its own house in order with respect to organizing for the cyber security mission. But the entire cyber landscape is by design a daunting complex of authorities and interests that fail to fit neatly into a box. DHS oversees protection of government networks. The FBI and Secret Service prosecute perpetrators of cyber crimes. The State Department is involved if a case crosses national boundaries. The role of the armed services is more complicated as described in this post about how to measure cyber attacks in comparison to armed attacks. Moreover, the Internet’s infrastructure is mainly owned and operated by the private sector.

Dixon makes a point that is at the heart of the problem: lack of leadership. The private sector will not spend on security that doesn’t have an obvious and immediate benefit to the bottom line without a coordinated rationale provided by the public sector because the government has no competitive dog in the fight. (It is one thing for Citi to suggest that all banks should beef up cyber security attribution capabilities and quite another for the government to do so.)

“The biggest thing we’ve noted is the lack of a guiding Net plan that includes privacy and infrastructure security,” Dixon said. “We need an overarching cyber doctrine that’s shepherded by the White House.”

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

4 Comments »

Comment by William R. Cumming

August 26, 2008 @ 8:47 am

Curiosity! Do readers of this blog view internet censorship and control as related to cyber security/syber crime? Clearly major efforts are being made by nation-states to police the internet! Not sure what US Executive Branch is doing on that score but certainly reading of internet message traffic seems to be a key part of the GWOT? If my understanding is correct there is NO privacy right for messages posted on internet. Comments requested.

Comment by Christopher Tingus

August 27, 2008 @ 6:47 am

The need for indepth, comprehensive Cyber Security/technology policy and implementation led by the valued and proven competencies of those we can entrust is so vital to our national interests.

The scientific and mathematically trained leadership of China understands the value of computer technology and monitoring internet discussions and is doing its utmost to use our fiat dollars to enhance their enlightenment and deployment of such…

The legal professionals that are at the helm in the west in government leadership roles do not have the acumen to understand the imperative policy commitment and implementation required for our security. The west is far too liberal and will prove again as it has in history its reluctance to portray strength as our democratic ideals are being challenged by those seeking our demise.

Unfortunately, it will take war to wake the west and many will suffer needlessly if we could show strength as our survival depends on asserting our earned prominence in this world where America has portrayed compassion for others and stood tall for human rights.

Look to the sky for the one nation who supercedes all others in cyber technology will reign power from the horizon for all to fear until the almighty descends to alleviate the dastardly deeds of those evil in heart.

Yes, you are correct that there are NO privacy rights and all internet message traffic is subject to scrutiny and the ACLU and anyone else can complain, however to no avail.

While we may hope that privacy rights prevail, from what I can gather, many nations feel compelled to monitor any and all internet communications and this practice will undoubtedly continue as world tensions and economic woes heighten and governments see the further necessity to indulge on behalf of the majority interests.

We here have two Presidential candidates who don’t have a grasp or the training/experience to address and from my perspective, this great nation and the most charitable people in the world must wake up to the fact that the world outside their suburban enclave is quite dangerous and imposing of its values and will only foster life-threatening military action and less and less rights for the individual.

What a shame that evil so prevails when so much prosperity and technological and other growth offers so much hope, yet this reader is pervaded with despair because he sees those we entrust to stand tall and make difficult decisions waver in their diligent commitment to serve the public and the majority interests our national security.

God Bless America!

Christopher Tingus
Harwich, MA USA

Comment by Max

August 27, 2008 @ 7:05 am

>>”Look to the sky for the one nation who supercedes all others in cyber technology will reign power from the horizon for all to fear until the almighty descends to alleviate the dastardly deeds of those evil in heart.”

What in the world? Mr. Tingus I couldn’t finish that lengthy and confusing missive, but that passage above was too bizarre to pass up. Your strange assertion that the west is “far too liberal” to be secure as others challenge our security makes zero sense. Moreover, I don’t see the connection to this post’s main point: lack of government leadership in coordinating with the private sector in order to better secure our cyber assets. We do not have a liberal government in place. So it would seem odd to blame liberalism for our lack of cyber security.

Comment by Christopher Tingus

September 8, 2008 @ 8:59 pm

I am sorry that you are confused, however I am confident that readers and especially me would like to hear you express your thoughts on the matter in your attempt to share your valued perspective.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>