Director of Federal Cybersecurity resigns over NSA dominance

/

Chicago (IL) – The Director of Federal Cyber Security has resigned after being on the job for a period of less than a year. His position was created in an effort to protect military, civilian, and intelligence networks. His resignation letter cites a lack of both funding and support in addition to an over-reliance on the National Security Agency (NSA) and its attempts to dominate the agencies cyber security efforts.

Rod A. Beckstrom, former Silicon Valley entrepreneur, was appointed to lead the National Cyber Security Center (NCSC), which was designed to protect computer networks from organized attacks by cyber criminals. The NCSC was developed by the Bush administration shortly after the launch of the “comprehensive nation cyber security initiative,” which was a classified effort designed to aid in the shielding of government networks from cyber attacks. In 2009 the program is expected to cost $6 billion, and could potentially be as expensive as $30 billion over coming years.

Beckstrom felt that it was necessary for him to resign because he believes giving the NSA a dominant role in the security efforts is/was a horrible strategy.

In his letter of resignation, which was published by the Wall Street Journal, he wrote: “[The] NSA currently dominates most national cyber efforts. While acknowledging the critical importance of NSA to our intelligence efforts, I believe this is a bad strategy on multiple grounds.” He also stated that, “threats to our democratic process are significant if all top level government network security and monitoring are handled by any one organization (either directly or indirectly). During my term as director we have been unwilling to subjugate the NCSC underneath the NSA. Instead, we advocated a model where there is a credible civilian government cyber security capability which interfaces with, but is not controlled by, the NSA.”

Beckstrom’s letter outlined the fact that his group only received five weeks of funding, and delivered a mere three staff members and two individuals detailed from other agencies.

While interviewing with the Washington Post, Beckstrom stated that he’d made the decision to leave ten days ago after he found out that orders for computers, furniture, office supplies, and office space in Arlington network equipment for his group were cancelled.

Even without the necessary funding, the team was able to achieve success. For example they built the foundations of a web based system which would be utilized to share cyber threat and intelligence data between various partners and departments of the Department of Defense.

Beckstrom’s resignation will focus attention on a 60-day review that’s currently going on to examine the national cybersecurity efforts. This official review is being conducted by Melissa Hathaway, an official from the Bush administration, who works as a cyber-coordination executive for the Office of the Director of National Intelligence Comprehensive National Cyber Security Initiative, or CNCI, at the request of President Obama.

Beckstrom’s last day will be on March 13. There is no indication as to what he will do next.

TG Daily has included the full text of his resignation letter here:

March 5, 2009

Secretary Janet Napolitano
Department of Homeland Security (DHS)
Washington, DC

Dear Secretary Napolitano,

I hereby tender my resignation as the Director of National Cybersecurity Center (NCSC) effective Friday, March 13, 2009. In my place I recommend you appoint our capable Deputy Director, Ms. Mary Ellen Seale as Acting Director.

As the Secretary of DHS, you have the direct responsibility for the nation’s cyber security. The NCSC is your only national body created to fulfill your responsibility to protect networks across the civilian, military and intelligence communities. It is the group responsible for pulling together the composite operating picture and situational awareness across government, and has the only national coordination authority on cyber security issues.

The NCSC is now prepared to build out of this capability for you, but the NCSC did not receive appropriate support inside DHS during the last administration to fully realize this vital role. During the past year the NCSC received only five weeks of funding, due to various roadblocks engineered within the department and by the Office of Management and Budget.

NSA effectively controls DHS cyber efforts through detailees, technology insertions, and the proposed move of NPPD and the NCSC to a Fort Meade NSA facility. NSA currently dominates most national cyber efforts. While acknowledging the critical importance of NSA to our intelligence efforts, I believe this is a bad strategy on multiple grounds. The intelligence culture is very different than a network operations or security culture. In addition, the threats to our democratic processes are significant if all top level government network security and monitoring are handled by any one organization (either directly or indirectly). During my term as Director we have been unwilling to subjugate the NCSC underneath the NSA. Instead, we advocated a model where there is a credible civilian government cyber security capability which interfaces with, but is not controlled by, the NSA.

As one commander said “You know you’re over the target when you’re taking flack,” and we have been taking our share. We have viewed this as a sign that we are on the right path. As such, with a tight team of three staff and two detailees, we have thrived. We are proud of the progress the NCSC team has made:

o We succeeded in completing our Concept of Operations (CONOPS) and Implementation Plan with both Cabinet Level and Presidential approval.


o We developed a healthy working group of the seven directors of the national cyber security centers who form the NCSC Coordination Council.


o We developed a new economic model for valuing networks and cybersecurity, which can support the development of more effective cyber policies for years to come. The model describes the incentive structure for various participants in the system, including hackers. It can be used to develop better policies for deterrence, supply chain management, as well as provide an overarching framework for ranking the benefit of all major cyber projects.


o We supported the Department of Defense (DoD) in their quest to develop a world class Web 2.0 cyber operations platform. We helped DoD find the best software developers in the world for this ambitious project and DoD successfully engaged them. The resulting collaboration platform can be used by cyber centers as well as network operators and security groups across government.


o We helped the DHS Privacy Group tap one of the world’s foremost experts in advanced privacy and anonymity technology. He has a unique ability to build bridges between privacy groups on the one hand and law enforcement on the other, and could help turn those bridges into new national standards. Despite my departure, I sincerely hope this important effort will move forward.


o We introduced concepts of game theory to cyber diplomacy.


o We created a vision for a new National Cyber Center which could function as a fusion center for state, local and tribal governments as well as the private sector and other Federal parties. We found an ideal potential location — the world’s largest internet operations center, located in the Dulles Technology Corridor. It is now available to be leased.


o We contributed to the national thinking of cybersecurity.


o We presented new cyber concepts to more than 10,000 people at 40 events.


I believe the accomplishments listed above are significant, but imagine how much more the NCSC can do moving forward with appropriate resources.

In closing, I wish to express my gratitude. The DoD, through the Joint Chiefs of Staff, DISA, OSD and the JTF-GNO, has been extremely supportive of the creation of the NCSC. Their support was critical to each of the items above. I am also grateful to those in DHS and across the interagency community who did lend their support for our effort, and to the cyber security center directors who supported us.

I wish you the best of luck in your extremely important new job. It has been an honor to server our Federal government and I look forward to returning some day.

Warmly,

//s// Rod Beckstrom

Rod Beckstrom
Director
National Cybersecurity Center (NCSC)

Cc:
Robert M. Gates, Secretary of Defense
Eric H. Holder, Jr., Attorney General
James L. Jones, National Security Advisor
Dennis C. Blair, Director of National Intelligence
James E. Cartwright, Vice Chairman of the Joint Chiefs of Staff

Recent Posts