Tuesday, April 21, 2009

NSA Doesn't Want to Do Cyber Security Alone

Putting an intelligence (spy) agency in sole charge of all government computer and network security would be a lousy idea. Each agency head needs to run their own program and be held accountable to it by outside audits.
NSA Chief Doesn't Want to Do Cyber Security Solo - PC World | Technology News and Updates
"The National Security Agency doesn't want sole responsibility for running U.S. cyber security, the agency's director said Tuesday.

Speaking at the RSA security conference in San Francisco, NSA Director Lieutenant General Keith Alexander said that any effort to keep U.S. and government networks safe would be a group effort, rather than a centrally managed operation.
. . .
The NSA director said that security guru Bruce Schneier was right, when just minutes earlier he had told the audience that "nobody" should be in charge of cyber security. "A top-down somebody's-in-charge model is not the right model," Schneier said.

In an interview Tuesday, Beckstrom said that he was happy to hear the NSA saying it didn't want to run U.S. cyber security, and was encouraged to see a discussion of the question of how much power the NSA actually wields. He said that agencies like the FBI and U.S. Department of Homeland Security, even the U.S. Department of Commerce, need to get more funds in order to take an active role in cyber security. "There needs to be a balance of power," he said. "I think the budgets are lopsided.""

Computer and network security needs to become part of the fabric of public and private business, just like proper accounting and personnel are. Policy should be set at the top levels, but it needs to be executed from the bottom up.

No comments: