On May 29th of 2009, President Obama declared: “It’s now clear that this cyber threat is one of the most serious economic and national security challenges we face as a nation.” At FOSE this year, FBI Deputy Assistant Director Stephen Chabinsky gave this ominous statement: “Cybercrime and cyber terrorism could be a game changer and thus represent an existential threat to our nation.”
With such strong words, you’d think that the Feds would have their act together on all things cybersecurity. Unfortunately, you’d be wrong. Speaking at the Interagency Resource Management Conference this week, Cybersecurity Coordinator Howard Schmidt reinforced this bad news. Schmidt’s wake-up call pointed to the fact that the Federal government:
If you aren’t scared and angry right now, you should be. Since 2001, the Federal government has spent billions of dollars on cybersecurity yet these basic problems remain. Heck, we’ve spent hundreds of millions on the Einstein project, an uber network security monitoring technology effort, yet we aren’t doing basic intrusion detection. Ay, ay, ay!
Schmidt, a security veteran, is clearly frustrated by what he is finding. The rest of us should be outraged.
Let’s hope that the President, Congress, DHS, DOD, and NSA can get their act together and fix these problems under Schmidt’s capable leadership. If not, we may be in serious trouble.
Tags: cybercrime, Cybersecurity, Cybersecurity coordinator, DHS, Federal Government, Howard Schmidt, President Obama, Stephen Chabinsky
Yesterday the Office of Management and Budget (OMB) announced that it will no longer pursue the Trusted Internet Connect (TIC) initiative first announced in November 2007. TIC was considered one of the cybersecurity efforts making up the Comprehensive National Cybersecurity Initiative (CNCI) which was born out of National Security Presidential Directive (NSPD) 54 and Homeland Security Presidential Directive (HSPD) 23 in January 2008.
Unless you are somewhere between Foggy Bottom and Independence Ave. SE, you are probably confused by all of these acronyms, so allow me to explain.
Back in 2007 there were thousands of Internet connections across the Federal government. This was viewed as a tremendous problem since each connection was a potential ingress point for malicious code and hacker attacks. TIC proposed a simple solution to the problem — decrease the number of Internet connections to as few as possible and then secure the heck out of the remaining connections.
I believe the ultimate goal was to reduce the thousands of Internet connections to something like 50. Throughout 2008 and 2009 the Feds boasted about the tremendous progress they were making.
Okay, now fast-forward to yesterday. OMB throws the TIC baby out with the bath water and announces that it will no longer reduce the number of Internet connections but rather improve security requirements at all Internet ingress/egress points. OMB goes on further to say that the number of Internet connections in 2010 was roughly the same as in 2007. Diane Gowen, SVP of Qwest Government Services, summed this up as follows: “Despite the whole TIC Initiative, there are probably as many points of Internet connection as there used to be. The new administration is less concerned with the number, and more concerned about getting them protected.”
Back in 2007, many security professionals (including me) thought that TIC was completely misguided because:
The crime here is that it took 3 years and tens, if not hundreds, of millions of taxpayer dollars to ramp up TIC — and then totally reverse course. Someone should be held accountable.
I predict that the next shoe to drop will be some type of pull-back from the Einstein Project — a DHS/US-CERT/Carnegie Mellon science project that could have easily been built with commercially available software from ArcSight, NetWitness, Nitro Security, Q1 Labs, RSA or dozens of others.
I’m sure President Obama’s Cybersecurity Coordinator, Howard Schmidt, is rolling his eyes at these recent events and the demise of TIC. Let’s hope he introduces some pragmatism into high-priced Federal cybersecurity plans before we waste another few hundred million.
Tags: CNCI, Comprehensive National Cybersecurity Initiative, Cybersecurity, Cybersecurity coordinator, Federal Government, Howard Schmidt, OMB, President Obama, TIC, Trusted Internet Connect
There is little doubt that President Obama and the 111th Congress are prioritizing cybersecurity initiatives.
The President outlined his plan last May and appointed Howard Schmidt as his Cybersecurity Coordinator late last year. As for the 111th Congress, it passed the Federal Data Breach Bill (H.R. 2221) earlier this year and just last week the House passed the Cybersecurity Enhancement Act (H.R. 4061) by an overwhelming vote of 422 to 5.
Just what is the Cybersecurity Enhancement Act? The bill is really focused on cybersecurity research, development, and training. Agencies participating in the National High-Performance Computing Program must provide Congress with a cybersecurity research plan, update an R&D implementation plan annually, and create new plans every three years. Additionally, the bill funds NSF cybersecurity scholarships in exchange for post-graduation government service. The bill also seeks to build cybersecurity collaboration between academic, government, and international institutions and pushes the development of technology standards for cybersecurity.
On balance, this is a good bill that certainly heads in the right direction. That said, I have a few suggestions for fine-tuning this bill as it moves along:
One other note about the legislation: The stipulation that calls for a new R&D plan every 3 years is misguided. Security threats change on a weekly basis, so three years is far too long a timeframe.
With all of my suggestions aside, I applaud the 111th Congress for truly collaborating on this important legislation. I strongly urge the Senate and President to fast-track this bill.
Tags: Congress, Cybersecurity, Cybersecurity coordinator, Federal Government, H.R. 2221, H.R. 4061, House of Representatives, Howard Schmidt, NIST, President Obama, Senate
To quote former President Gerald Ford, “our long national nightmare is over.” After his famous Cybersecurity policy speech in late May, President Obama has finally tapped Howard Schmidt to become the nation’s first Cybersecurity Coordinator. Schmidt will report to the National Security Council (NSC) and National Economic Council (NEC).
Is Schmidt the right person for this job? No question. Schmidt has a perfect public/private sector resume with experience at US-CERT, DHS, the U.S. Air Force, the White House, Microsoft, and eBay. He is also a well-respected father figure in the security industry.
Schmidt’s appointment makes sense though it did come as a bit of a surprise. One would have assumed that Schmidt’s name was on the short list back in May. My guess is that Schmidt turned down the job at first but when the President struggled to fill this position (rumor has it that RSA’s Art Coviello, Symantec’s John Thompson, and Microsoft’s Scott Charney turned it down), Schmidt decided to take the job out of a sense of duty and service to the country.
The President is scheduled to formally introduce Schmidt today and my hope is that Howard starts his new gig tomorrow. Believe me, I’m not joking here. On day one, Schmidt must begin to address several major challenges such as:
This is just the proverbial tip of the iceberg. Schmidt deserves kudos for taking on this nearly impossible job. Have a happy holiday, Howard, and thank you for stepping up to this challenge.
Tags: Cybersecurity, Cybersecurity coordinator, DHS, DOD, Federal Government, NSA, US-CERT
President Obama had it right when he said that he would make cybersecurity a priority of his administration. That was back in May and things have progressed since then. For example, just last week, DHS Secretary Janet Napolitano cut the ribbon on the new National Cybersecurity and Communications Integration Center (NCCIC), a cybersecurity command-and-control data center in Arlington, VA.
That said, a visible gap in the President’s plan remains. At his press event in May, the President promised to appoint a cybersecurity coordinator as a member of the National Security Council (NSC) and National Economic Council (NEC). Unfortunately, this position remains open.
Over the past few months, the cybersecurity coordinator position has become a proverbial political football. First, the Bipartisan House Cybersecurity Caucus sent a letter to the President urging him to fill this role as soon as possible. This advice has since been echoed by Representative Yvette Clarke (D-NY) and the tech industry group TechAmerica.
While the pressure on the President mounts, others on Capitol Hill are also chiming in. Senator Joseph Lieberman (I-CT) agrees that the cybersecurity coordinator role should reside in the White House, but the Senator plans to introduce a bill that specifies the cybersecurity coordinator’s role and wants to require a Senate confirmation for the individual. Meanwhile, Lieberman’s colleague Senator Susan Collins (R-ME) has been extremely vocal in her opposition to this plan. She believes that the cybersecurity coordinator should report into DHS and not the White House.
Note to Washington: Political wrangling like this is exactly why most Americans remain cynical–it seems like Washington is the place where critical issues go to die.
Personally, I believe that the cybersecurity coordinator needs to be in the White House and extremely visible to the president — not buried in the biggest bureaucracy in the land — but that’s my opinion. Aside from this, however, I believe we need to appoint a cybersecurity coordinator ASAP and then make adjustments to this person’s responsibilities, relationships, and reporting structure over time. Cybersecurity is a critical issue that needs immediate attention, not more debate and analysis.
Two other notes to Washington:
Tags: Cybersecurity, Cybersecurity coordinator, DHS, Federal Government, President Obama, Senator Joseph Lieberman, Senator Susan Collins