Homeland Security Watch

Comment by William R. Cumming

May 29, 2009 @ 10:01 am

A few notes and if incorrect please correct? First Clinton did technically create the PCCIP in 1996 by Executive Order but his hand was forced by Congress which had mandated such a commission (often referred to as the “Marsh” Commission.) The leaders in the mandate were Senator’s Jon Kyle and Bennett, the later being a former Assistant Secretary of Commerce. Kyle and Bennett were assisted through backdoor contacts with a huge retinue of civil servants and of course eventually the $350 Billion y2k federal effort somewhat overshadowed direct cyber security. This still is and will be for some time IMO the largest preparedness effort ever undertaken in the Executive Branch outside of perhaps DOD and of course this also included DOD which had the largest y2k failure for failure to reprogram a key NRO satellite out for over 12 days.
Actually issued in 1998, PD-63 was a hurried NSC staff led effort to protect Clinton’s flanks on critical infrastructure protection but really had little to do with cyber. Richard Clarke did become cyber czar of sorts and prepared the strategy and worked hard at alerting on cyber. His book “Against All Enemies” has interesting discussion of his conversion to cyber czar.
Finally, Congress actually mandated a White House Cyber Czar position but never filled under Bush because they made the position an “advise and consent” position that would be subject to Congressional demands during hearings.
Eventually, the “Big One” of cyber will happen and really hoping someone competent takes time and effort to update this magnificant piece of history you have captured.
Where do I stand? I would reduce much of the expenditures on physical security in the country and devote or transfer that to cyber! But I would also empower some Executive Branch organization to have the full gamut of authority through standard setting and rulemaking on cyber security to promote resilience, redundancy, interoperability, and security. Hey but what do I know I am on AOL dial up in the hinterlands.

Comment by Jessica Herrera-Flanigan

May 29, 2009 @ 7:31 pm

On PCCIP – it was created in 96, with its report issued in 97. The Commission itself grew out of a recommendation by the Critical Infrastructure Working Group (CIWG), led by then Deputy AG Jamie Gorelick, that new vulnerabilities in the nation’s infrastructure be studied and addressed. CIWG came in response to the OK City bombing. This was separate and apart from the Bennett-Kyl Y2K efforts that were occuring at the same time (though both participated in rigorous oversight of both).

Congress actually never mandated a White House Cyber Czar post 9/11 (though Senators Rockefeller and Carper are now pushing for something similar). Proposals circulated and there was much discussion but the resulting legislation that actually was enacted into law created the Assistant Secretary for Cybersecurity & Telecommunications at the Department of Homeland Security.

Comment by William R. Cumming

May 30, 2009 @ 5:42 am

DOJ had some rudimentary interest in cyber crime enforcement going back to the Reagan Adminstration. Only the arrival of Gorelick and personnel like Michael Vatis got DOJ thinking more broadly.
Thanks Jessica for the corrections. I do know that prior to the PCCIP report in all the meetings I was in physical security was the primary driver on CIP and interesting in drafting EO 12656 which developed lead and support roles for “National Seccurity Emergencies” a term first used in EO 12472 and undefined until EO 12656, and that latter EO revoked old EO 10421 which dealt with physical security. DOJ was in favor of revocation of that order because the first Director of FEMA under President Reagan was using it to hammer DOJ on a variety of issues including law enforcement during the 1984 Olympics leading to some efforts to abolish FEMA and certainly curtail its national security policy focus, rudimentary as that was at the time. See NSDD-188. None-the-less, DOJ while not wanting FEMA to have the lead of Executive Branch civil physical security issues, did not want the lead themselves so that they drafted a supporting role for themselves on physical security and also on terrorism. EO 12656 was issued after the 1988 elections on November 18, 1988, and is still extant although filled with odd problems caused by its subsequent amendment, some of which were duplications, and should be totally revised.
My point is simple, as of November 18, 1988, DOJ was thinking only vaguely of cyber crime and not sure how much amendment of Title 18 had occurred to deal with even that issue. I do know that in one of the four or five drafting sessions for PD-63 I suggested that the crime of “Sabotage” be updated for cyber and was looked at with askance by most in the room. That drafting was led by NSC staff that acted somewhat bored over the whole thing as though they had better things to be doing. So much for cyber security before Richard Clarke’s orchestration of the issue with Jamie Gorelick full attention in the mid-90′s!
This whole history really is important to pin down before the great witch hunt that will occur after the first major cyber security failure impacting the US economy and national security. Although may that has already occurred and been classified. I rank the top threats from China, Russia, India as nation-states, and of course the sub-state actors are probably already making off with goodies in virtual form.

Comment by Christopher Tingus

May 30, 2009 @ 6:47 am

As all seemingly recognize the importance of subject Cyber-Czar post assignment and indepth focus and commitment in national security prerequisite, it is the rogue and self-imposed dictators and the fundamentalist organizations that we should be very leary of as they enjoin legions of willing participants to do their utmost to muster an impressive attack on the global community as well as of course our USA national interests as after all if it were not for America, everyone would be speaking German and have no rights!

Imagining sitting as today’s “hacker” at his/her computer with their acknowledged intellect and proven skill sets, though perverse in their quest to find challenging conquests that cause fear and anxiety as they attain expertise from level to level, it would be the transportation industry that I would focus on disrupting here in the States as well as a coordinated attack on major EU hubs as all were impressed on how quickly the evil deeds of terrorists grounded the very busy skies on 911. It was truly a marvel at how quickly so many aircraft landed. Kudos to the flight controllers….

Whether it be the vulnerable electric grid system or other, the apparent enlightenment by you Mr. President as voiced yesterday in your speech depicting an administration which understands this priority, we, Mr. & Mrs. Joe Citizen who buy security packages to protect our simple laptops from the maliciousness of individuals trying to infect our small systems with little intent other than to amuse themselves, welcome the administration’s broad and detailed establishment of a “command post” readied to utilize our very resourcesful and available “geek power” to continue to thwart the ever-increasing enlightened attempts to bring us to an abrupt shut-down.

While Ms. Jessica Herrera-Flanigan and Mr. William R. Cumming, well versed in this security sector with very specific perspectives which should be valued inside the beltway and in industry, we here on the street doing what little we can with our security programs and firewalls can only assume that our infrastructure is “hit on” daily with increasing frequency.

We all look forward to much topic discussion and many of you reading this important Hls.watch are urged to comment as the hours are passing and our national security issues need an immediate, organized and proactive ambition to safeguard us and our neigbors.

Not knowing what present Cyber-security memorandums in understanding have been shared among all nations as I assume treaties of sorts, however the global comunity should already have in place what I refer to as “CyberSecGlobal” Agreements with one another that if signatories of this Agreement are found and proven to have been engaged in an cyber-attack, it would be considered an act of War!

I am saying that new rules of engagement have hopefully already been signed and established clearly understood by the global commnity.

All must be done to follow the money and encouraged to – think out of the box – never underestimating those that seek to focus their efforts and prioritize while employing a parallel and related strategy to distract us from their real objective in lust of Cyber power!

Coupled with our Homeland Security color coded warning system, we should employ a “Cyber Level Alert” system for the nation or would it always be at the highest level!

We are under attack constantly and all should be applauded at NSA and other agencies as well you Mr. President and your administration and Congressional members who are being briefed by our “geeks” as to brevity of the issues we face as a nation and throughout the global community….

Christopher Tingus
GPS location:
Harwich (Cape Cod), MA 02645 USA
chris.tingus@gmail.com

the severity of fare only begoi