Obama hints at cybersecurity shake-up with review

In a move that could reshape the federal government's cybersecurity efforts, President Obama on Monday said a former Booz Allen consultant would conduct an immediate two-month review of all related agency activities.

The announcement indicates that the White House's National Security Council may wrest significant authority away from the U.S. Department of Homeland Security, which weathered withering criticism last fall for its lackluster efforts.

Obama selected Melissa Hathaway, who worked for the director of national intelligence in the Bush administration and was director of an multi-agency "Cyber Task Force," to conduct the review with an eye to ensuring that cybersecurity efforts are well-integrated and competently managed.

"The president is confident that we can protect our nation's critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties," said John Brennan, the president's homeland security adviser.

National Security Advisor Jim Jones, who may expand his department's cybersecurity portolio as a result of new 60-day review.

(Credit: NATO)

Hathaway's appointment comes as Obama plans to overhaul the National Security Council, expanding its membership and effectively centralizing more decision-making in the White House staff. That would vest more authority in a staff run by James L. Jones, a former Marine Corps commandant who warned at a speech in Munich over the weekend that terrorists could use "cyber-technologies" to cause catastrophic damage.

During a panel discussion that CNET News wrote about last fall, Hathaway defended Homeland Security's efforts to develop what it called a National Cyber Security Initiative, saying there was "unprecedented bipartisan support" for it.

"Over the past year cyber exploitation has grown more sophisticated, more targeted, and we expect these trends to continue," she added. "Our cybersecurity approach to date has not kept up with the threats we've seen."

"She's great," James Lewis, a senior fellow at the hawkish Center for Strategic and International Studies, said of Hathaway. "She was one of the people who was making things work in the Bush administration...It is getting a high level attention at the deputy level of the NSC, but I don't think they've figured out what they want to do. I see it as kicking the can, with the potential to eventually bury the issue."

What remained unclear on Monday is the breadth of the review: Will it be inward-looking, designed to make an existing governmental apparatus run more efficiently? Or will it look outside the federal government too, and yield recommendations or regulations aimed at telling U.S. companies how to run their businesses? (Many companies on the receiving end of such a process may, of course, find it rather ill-advised.)

The origin of the Feds' cybersecurity headaches can be found in the process that led to the creation of Homeland Security nearly seven years ago. Politicians in Washington, D.C. decided to decided to glue together a medley of federal agencies to create a massive bureaucracy that would, as one of its new goals, provide a better focus on cybersecurity.

"The department will gather and focus all our efforts to face the challenge of cyberterrorism," President Bush said when signing the 500-or-so-page bill into law in November 2002. "This department will be charged with encouraging research on new technologies that can detect these threats in time to prevent an attack."

Some tasks might benefit from centralization in a sprawling bureaucracy. But it soon became evident that cybersecurity was not one of them. By 2005, government auditors concluded that the department failed to live up to its cybersecurity responsibilities and may be "unprepared" for emergencies; as recently as last fall, DHS Secretary Michael Chertoff said his agency needed to develop a plan to respond to a "cybercrisis."

That led some outside groups to argue that cybersecurity efforts should be taken over by the National Security Agency, which already is responsible for protecting government computers through its "information assurance" arm, or perhaps the White House staff.

The White House announcement on Monday said Hathaway will conduct an "immediate Cyber Security Review." Left unsaid, though, is that a "National Cyber Security Review" was already part of Homeland Security's official plan--finalized in April 2007, nearly two years ago.

CNET's Stephanie Condon contributed to this report.

[jblogg]

Speaking of cybersecurity, my firm had a bit of a shakedown after someone used instant messenger to send files to a competitor. We shifted from a public IM client to a custom app through Brosix.com. A competitor (or time-wasting friends) would need to have a copy of our version of the IM client and access to our servers.

Wouldn't surprise me to see shifts away from publicly available productivity tools, like instant messenger, to privately developed apps.

Nice work, Declan. Can't help but giggle at the Jim Jones connection :)

[littlezahn2]

Someone in the white house has been watching "24" lately.

[Commander_Spock]

This article states in part: re: "[... The announcement indicates that the White House's National Security Council may wrest significant authority away from the U.S. Department of Homeland Security, which weathered withering criticism last fall for its lackluster efforts...]" If yours truly was President Barack Obama then the two entities ("the White House's National Security Council and the U.S. Department of Homeland Security") would continue to operate the way they are but with an hierarchical group similar to that of the U. S. Military Joint Chiefs of Staff but one which will include the Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI) also. (a kind of British MI5, MI6.... setting more or less as the world is a really, really big place to monitor. And, the first place to start with the "cybersecurity exercises" would be - the banks... that has all the money (and, the business intelligence) while over three million workers in the United States of America have lost their jobs in recent years. This program will be called - "Putting America First"!

Live Long And Prosper!

"Once A Banker Always A Banker"!

Commander_Spock.

[Commander_Spock]

Now, read this "networkworld.com" and get an hint:

Re: "Largest Coordinated ATM Rip-off Ever Nets $9+ Million in 30 Minutes"!

http://www.networkworld.com/community/node/38366?netht=rn_021009&nladname=021009dailynewspmal

See, told ya so..... and, now it is all understood what was meant from the above comment. These ATMs must be those "Microsoft Widows and Linux" operated ones (re: "During the attack the bad guys reloaded (via their hack) the payroll cards as needed. When all was said and done it is thought that the thieves walked away with over $9 Million bucks in cold cash") as was reported somewhere some time ago. Wow!

[n3td3v]

It's a bad time, because Obama will beileve anything people tell him on cybersecurity because of course he doesn't actually know much about it.

There are actors in the infosec community that are taking us down a bad pathway, one that is full of corruption and deception by Mossad and CIA.

People like Gadi Evron for instance are pumping the infosec community full of propaganda.

[Commander_Spock]

Marxist theory suggests that it is around the "economic superstructure" that the political, social, educational, scientific... revolve. So, what do entities such as the "Mossad and CIA", MI5 & MI6^, the old Soviet KGB... bring to the world stage and one in which countries such as Iran appears eager to joint the space race when NASA's own Astronauts will soon be hitching rides with their Russian Space Buddies. Therefore, in the context of the above mentioned Marxist theory, the current world's financial and economic crises... what happens to the world when the oil wells run dry in an 100 years or more? What "cybersecurity" will be talked about then when there will be no electrical power to run the computer networks....

[Commander_Spock]

Also, remembering a certain statement in the "Bible" which states: "[..... BY THY SWEAT THOU SHALL EAT BREAD...." then, by today's standards with so many people in certain parts of the world (some African countries in particular) and so many in th United States of America struggling at the moment to keep food on the family table - what happens when the "world's food supplies" dwindles as was the case with North Korea...... while it pursued its useless and reckless nuclear ambitions; and now, the same could be said about Iran???

[Dalkorian]

I think Obama has a much better chance of understanding cybersecurity and creating a workable plan to deal with it than the previous misadministration ever hoped for, which had a better chance than that other choice we had - you betcha. The first promising sign is taking the responsibility away from the bloated and useless DHS.

[Endbringer]

Does the author realize that the Department of Homeland Security is part of the Executive branch, which is controlled by the President? it doesn't matter if it's moved to some new department or not, the Executive is in charge of it. Perhaps he needs to understand a little more about how our government actually works.

[Commander_Spock]

What perhaps should be reviewed are the cases in which there are overlaps, redundancies... and the need for "systems integration" ("A Wheel In A Wheel" kind of scenario) among the nation's various intelligence agencies.

[Dalkorian]

Spock is onto something here. The DHS is a useless beurocracy created by the former misadministration to hide the fact that they were woefully incompetent and to hand cushy jobs to their friends. The best move Obama could make to increase the effectiveness of our government is to completely disband/dissolve/get completely rid of all traces of the DHS, a hold back to an administration of failure, war and terror.

[Commander_Spock]

In addition to "[... the need for "systems integration" ("A Wheel In A Wheel" kind of scenario) among the nation's various intelligence agencies....]" Notwithstanding, let us take a look back at the reports of "NORAD's Fighter Pilots" who apparently were not sure where JFK International Airport was to be located shortly after the attacks on 9/11. Now, in this context let us consider what the "cybersecurity" scenarios involving several foreign countries (both friendly or hostile) will be when it comes to information sharing; and, the collaboration and coordination on'of activities.

[Commander_Spock]

BTW, re: "[....Notwithstanding, let us take a look back at the reports of "NORAD's Fighter Pilots" who apparently were not sure where JFK International Airport was to be located shortly after the attacks on 9/11. Now, in this context let us consider what the "cybersecurity" scenarios involving several foreign countries (both friendly or hostile) will be when it comes to information sharing; and, the collaboration and coordination on/of activities....]" With regards to effectiveness, preemption of attacks... and the integrity of the overall systems in place (both at the national and international levels) it will be prudent that there be "information sharing; and, the collaboration and coordination on/of activities...." in "REAL-TIME" and not after the incidents have occurred.
.

[Jonswift]

If anyone would like to know where their representative, or congress as a whole, stands on internet security and net neutrality and many other important issues in the 110th congress, visit sharp.sefora.org. There's a ton of useful information there.

[NationRH]

Firms like Brosix are the way to go as companies attempt to further provide security for their internal communications - especially as more companies both allow and promote instant messenger as a source of communication.