When it comes to the Obama administration’s promise to get a handle on cybersecurity, be prepared for some turf wars, a panel of experts warned recently at the National Press Club in Washington, D.C.
The administration recently released a 60-day comprehensive “clean-slate” review of the nation’s vulnerabilities in cyberspace.
Among the recommendations is the creation of a “cyberczar,” who will presumably be in charge of the government’s efforts to protect its networks from attacks.
James Bamford, the author of several books on national security, said observers have been disappointed that the position will be relatively toothless. Of most concern is whether the cyberczar will have any influence over budget decisions. Melissa Hathaway, acting senior director for cyberspace at the White House, said earlier this month that the scope of the cyberczar’s powers has “yet to be defined” but that she expects the new office will have the “ability to affect budgets.”
Bamford does not believe that the cyberczar office will have much real power. The National Security Agency is the 800-pound gorilla that no one wants to acknowledge, he said.
The director of the NSA will serve as the Defense Department’s leader within U.S. Strategic Command’s new Cyber-Defense Command. Army Lt. Gen. Keith B. Alexander currently leads the agency.
Bamford said military leadership may end up clashing with the cyberczar if he or she isn’t given the authority to say “no” to the NSA’s efforts.
This all brings up questions of privacy, especially in light of NSA’s warrantless eavesdropping program it established earlier in the decade. The organization has the people, equipment and know-how to carry out this task, said Bamford, who has written several books about NSA. “The problem is a lack of oversight,” he said. He recommended that the new czar have a deputy that comes from the civil liberties world.
Former Rep. Thomas Davis, R-Va., said the crucial question about the cyberczar position is “how much real authority are they going to have?”
The turf battles will most likely extend to Congress where committees overseeing the armed forces, homeland security, financial services and intelligence all believe they have jurisdiction on cybersecurity.
“And none of them have any say without the appropriators … It all becomes very, very complex,” said Davis.