After several weeks of delays, the Obama administration is preparing to release the results of its long-anticipated review of U.S. cybersecurity policy, and with the results, a sketch of billion-dollar bureaucracy that will be created to contain the growing threats to national security, private and commerce.
The review was prepared by Melissa Hathaway, the acting senior director of the National Security Council for cybersecurity and was submitted internally three weeks ago. Since then, NSC officials have been rewriting parts of it, responding to concerns that it did not make clear why previous cybersecurity efforts had failed and why the approach favored by this White House makes more sense.
What that approach will be is the subject of serious speculation.
Almost certainly, another "czar" will be created, with staff, and
reside in the executive office of the president. That's a mere detail,
though, when compared to other questions: does the $50 billion or so
that the government plans to spend each year on cybersecurity come from
the Pentagon's budget? if so, who controls it? Will the new
cybsercurity director be like the "drug czar" and posess a title with
little power? Or will the new position take on the structure of the
Office of the Director of National Intelligence, which has some budget
authority and what the feds like to call "programming power" -- the DNI
can point his finger at a problem and direct government resoruces to it.
It's been widely reported that Lt. Gen. Keith Alexander, the Director
of the National Security Agency, will recieve his fourth czar by
jumping to the new U.S. Cyber Command. Though Alexander has insisted
that the NSA doesn't want to be the cybersecurity cop, he also wants to
co-locate the cybercommand at NSA headquarters and would people his
command by borrowing from existing NSA resources. Conversely, the
Department of Homeland Security, the logical office from which to run a
domestic cybersecurity task organization, doesn't have a good record of
managing new initiatives like this.
Some hybrid is likely; the Pentagon will control large swaths of the
budget; the DHS might pay for the salaries of domestic employees; the
White House will probably want to retain as much centralizing authority
as possible.
That's one reason why the identity of the new cyber security chief will
be so key. This person will have credibility among all stakeholders --
the tech industry, civil liberties groups, the military, international
organizations -- and will have to have the bureaucratic knowhow to
force everyone to work together.
The White House has big plans for cybersecurity, and some will be
controversial. At some point, they'll want this new cyber security
entity to obtain the authority to shut down servers or websites that
pose a systemic risk. Without a good system in place, without a good
person to run that system, the chances for abuse, waste and failure are
high.
And that's why the White House is reviewing the review so carefully.
The U.S. Government cannot succeed in securing cyberspace in isolation, but it also cannot entirely delegate or abrogate its role in securing the Nation from a cyber incident or accident. Here are the details of Obama's plan http://personafile.com/PXew