Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

US Cybersecurity Chief Beckstrom Resigns

Soulskill posted more than 5 years ago | from the take-this-job-and-shove-it dept.

Government 117

nodialtone writes with a Reuters report that Rod Beckstrom, director of the National Cybersecurity Center (NCSC), has tendered his resignation, citing clashes between the NCSC and the NSA with regard to who handles the nation's online security efforts. In his resignation letter (PDF), he made the point that "The intelligence culture is very different than a network operations or security culture," and said he wasn't willing to "subjugate the NCSC underneath the NSA." He also complained of budget roadblocks which kept the NCSC from receiving more than five weeks of funding in the past year. Wired has a related story from late February which discusses comments from Admiral Dennis Blair, director of National Intelligence, who thinks cyber security should be the NSA's job to begin with.

cancel ×

117 comments

Sorry! There are no comments related to the filter you selected.

good (0)

Anonymous Coward | more than 5 years ago | (#27105363)

good

Re:good (0)

Anonymous Coward | more than 5 years ago | (#27106601)

He works five weeks out of the year, and he's complaining?

Re:good (1)

Hurricane78 (562437) | more than 5 years ago | (#27107049)

Because he wants to work *more* than that.

Way to put a spin on it...

The latest as they go by (4, Funny)

Anonymous Coward | more than 5 years ago | (#27105367)

Security is like virginity...once compromised it is lost forever.

Re:The latest as they go by (0)

Anonymous Coward | more than 5 years ago | (#27113931)

And being a slashdot contributor you probably know a thing or two about retaining virginity.

another decent man leaves government in disgust (5, Insightful)

jmcvetta (153563) | more than 5 years ago | (#27105407)

From Mr Beckstrom's resignation letter: "In addition, the threats to our democratic processes are significant if all top level government network security and monitoring are handled by any one organization (either directly or indirectly."

Amen, brother.

Re:another decent man leaves government in disgust (-1, Troll)

ShieldW0lf (601553) | more than 5 years ago | (#27105499)

Clean up your fucking country already. If you don't, eventually, inevitably, the rest of us will do it for you, and you won't fucking like it.

Re:another decent man leaves government in disgust (2, Funny)

Anonymous Coward | more than 5 years ago | (#27105515)

Clean up your fucking country already

Says the man from the perfect, anonymous country.

Re:another decent man leaves government in disgust (4, Insightful)

jmcvetta (153563) | more than 5 years ago | (#27105529)

Clean up your fucking country already.

Some of us are trying to do just that...

Re:another decent man leaves government in disgust (1, Insightful)

Hurricane78 (562437) | more than 5 years ago | (#27107093)

Some of us are trying to do just that...

There's your problem. Why are you only trying. Say "I will do that."
Next thing you know is you imagining how you will actually be able to do it.

Now you "only" have to pull trough, and not lose your original intend on the way.

Of course it's hard work. But it all starts with the right mind set.
If they managed to be born, and drive the world in one direction, and you consider your self a more intelligent human, then you should in general also be able to do the opposite.

Problem is: It's still far from bad enough to make people do something against it. And keeping it sneaky is one of the main objectives of those who slip in the shit that the neocons did.
And I am no exception from this inaction. It's too deep inside our genes.

But I do change things. And I will change even more things. First those on top of my priorities, of course.

Re:another decent man leaves government in disgust (0)

Anonymous Coward | more than 5 years ago | (#27107435)

I think you could have made your post shorter and sweeter, just by quoting Yoda. Do, or do not, there is no try. Tell you the truth, after that part, it got boring. My problem isn't the way or the path or the force or the religious right. My problem right now involves one question. Why do we need 3 separate police forces to guard my town of approx. 120,000 people?

State, City, and County. All have jurisdiction anywhere they please. The city cops are routinely pulled to neighboring cities to pull shifts. I can be pulled over by other any other city's police officers, when I'm not anywhere near their city. Now, I don't mind being pulled over, or even arrested, so long as there is justice being served, but I do take offense to the fact that I'm paying city, county, state and federal taxes for a police force that is mainly funded by federal money. I don't know why we need the redundancy. This isn't Baghdad, this is Indiana, the crossroads of America. I'd like to find out. I want to know why it's so important for South Bend, IN to be locked down like a prison. Even in an economic meltdown, all they can do is milk us for speeding ticket money. I want to know why I see all three types of cars patrolling when I walk up the street only 3/4 of mile. I know we have had some crime in the recent past, but not enough to keep our streets saturated in cops at creepy, dystopian level. For God sakes, I walked past 3 little businesses at 1 in the morning. Each one had a police car sitting in it's parking lot with its engine running, waiting for speeders. I've lived here my whole life and we don't have that kind of speeding problem in this particular area. So I am led to wonder, is it right to pay police to set up triple speed traps in a place that is well regulated with traffic lights, using resources from three departments, at 1 a.m., on a night where there were so few events that I decided to take a walk rather than a drive. I also must add that this is only 1 mile north of the place they all used to post up and get donuts, and use as their speed trap for taking in gobs of money. They abused it so much in the past, that even my father, whom I have never seen pushing it past 2mph of the limit, received a ticket. The triple threat is more than just a federal problem. The threat is that with these alphabet agencies controlling everything from the top down, the corruption grows from the bottom to the top with very little intervention.

In the words of Biz Markie, "Come ON!"

Re:another decent man leaves government in disgust (0, Redundant)

Ihmhi (1206036) | more than 5 years ago | (#27108359)

The people who say "I will do that" are the kind who are already halfway up the clock tower stairs with a high caliber rifle.

Re:another decent man leaves government in disgust (0)

Anonymous Coward | more than 5 years ago | (#27110135)

The people who say "I will do that" are the kind who are already halfway up the clock tower stairs with a high caliber rifle.

brilliant. why does stuff like this get modded +5 funny? it's always the lame recycle xkcd memes that get voted up. anyway, hopefully witty people like you will keep posting on slashdot. i know i'm keeping an eye out for you when i get moderator points.

Re:another decent man leaves government in disgust (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27106147)

If you are a Brit, Aussie, Chinaman, or Middle-Easterner, Clean up your fucking country already - your surveillance worse than ours is.

If you are a German, Clean up your fucking country already - because you shit on each other for fun.

If you are a Frenchman, Clean up your fucking country already - you know they invented something called "deodorant". You should try it sometime.

If you are from India, Clean up your fucking country already - piss-covered streets and 5-armed babies aren't normal, you know.

If you are from Scandinavia, Clean up your fooking country already - sucking a horse's dick is a crime against nature, you know!

If you are from Africa, Clean up your fucking country already - Nah, nevermind. There's no hope for you.

If you are from Israel, Clean up your fucking country already - kick out all the Palestiniains.

If you are from Latin America, Clean up your fucking country already - we have enough of you cockroaches here.

Re:another decent man leaves government in disgust (-1, Troll)

MrNaz (730548) | more than 5 years ago | (#27106249)

None of those childish finger point "you're just as bad" quips come close to matching:

1. Running around the world like a rogue state starting wars of aggression in the name of geopolitical one upsmanship.

2. Starting a meaningless "war on terror" and railroading other countries into that same paranoid delusion resulting in the destruction of the last half millennium of democratic development in the Anglo-American world.

3. Arbitrarily toppling democratically elected leaders (before you go off refuting this, read up on the US interventions in South America such as Chile).

4. Reality television.

So yea, clean up your fucking country, esp point 4.

Re:another decent man leaves government in disgust (0, Troll)

pcolaman (1208838) | more than 5 years ago | (#27106425)

None of those childish finger point "you're just as bad" quips come close to matching:

1. Running around the world like a rogue state starting wars of aggression in the name of geopolitical one upsmanship.

2. Starting a meaningless "war on terror" and railroading other countries into that same paranoid delusion resulting in the destruction of the last half millennium of democratic development in the Anglo-American world.

3. Arbitrarily toppling democratically elected leaders (before you go off refuting this, read up on the US interventions in South America such as Chile).

4. Reality television.

So yea, clean up your fucking country, esp point 4.

If you are a Brit, than number 4 applies to your country even more so than the US. Brit Reality TV is even worse and such a blatant copy of our pathetic reality TV it's laughable. As far as Chile goes, it's fucking Chile. Who cares about them anyways?

Re:another decent man leaves government in disgust (4, Insightful)

nfc_Death (915751) | more than 5 years ago | (#27106895)

All of those points the UK has done either long before the US or worse than the US. In fact the UK does not even have anything in place to protect their citizens privacy. Albeit slightly crippled lately at least the US has that. Im a canuck and we're idiots too, at least we can admit it. Suffice it to say, so far all attempts at men leading men have failed utterly.

Re:another decent man leaves government in disgust (0, Troll)

MrNaz (730548) | more than 5 years ago | (#27109575)

I'm from South Africa.

Re:another decent man leaves government in disgust (0, Troll)

MrNaz (730548) | more than 5 years ago | (#27109585)

Oh, and I'm not white.

Re:another decent man leaves government in disgust (1)

nfc_Death (915751) | more than 5 years ago | (#27110223)

South Africa was part of the British Empire or the UK as it has become now. What exactly is your point again?

Re:another decent man leaves government in disgust (0)

Anonymous Coward | more than 5 years ago | (#27111201)

It is astonishing how poor your grasp of history is. Truly astonishing.

Re:another decent man leaves government in disgust (0)

Anonymous Coward | more than 5 years ago | (#27113467)

Suffice it to say, so far all attempts at men leading men have failed utterly.

Maybe we should let men lead themselves, and let the government merely provide for the common defense.

Re:another decent man leaves government in disgust (1)

Arancaytar (966377) | more than 5 years ago | (#27106969)

the rest of us will do it for you

The ratio of oil to WMDs in the States doesn't make a "regime change" very economically lucrative. :P

Re:another decent man leaves government in disgust (0)

Anonymous Coward | more than 5 years ago | (#27111405)

You're just jealous because your country SUCKS, JACKASS (or STUPID BITCH)!

Re:another decent man leaves government in disgust (1)

AliasMarlowe (1042386) | more than 5 years ago | (#27105535)

Was he cleared by the IRS or not?

Re:another decent man leaves government in disgust (4, Insightful)

PolygamousRanchKid (1290638) | more than 5 years ago | (#27105585)

Yeah, like, what happened to that concept of "Checks and Balances" that Founding Fathers thought up in a steamy room in Carpenter's Hall in Philadelphia?

So now the agency in charge of breaking security, and spying on people, should now be in charge of guaranteeing security?

I better check the latest release notes, it seems that "Checks and Balances" has now been deprecated.

Re:another decent man leaves government in disgust (4, Insightful)

Antique Geekmeister (740220) | more than 5 years ago | (#27105817)

No, that's Congress's and the Supreme Court's job. They haven't been doing it lately.

The reason for competing departments in the US Executive department is to provide a department willing to disagree, and possibly arrest or even shoot, members of the other department to prevent mutiny against the President's orders.

Re:another decent man leaves government in disgust (5, Informative)

lseltzer (311306) | more than 5 years ago | (#27106069)

They didn't think up checks and balances, they just implemented Montesquieu's theories in a more thorough and novel way than had been done. And it wasn't Carpenter's Hall, it was Independence Hall, then I think still called the Pennsylvania State House.

Carpenter's Hall (0)

Anonymous Coward | more than 5 years ago | (#27106271)

Carpenter's Hall is air conditioned now. Thankfully.

Re:another decent man leaves government in disgust (2, Insightful)

sgt_doom (655561) | more than 5 years ago | (#27106505)

Outstanding points all. While I have little faith in any US agencies at present, I do recall that the USAF Intelligence officially went on record, prior to the illegitimate Iraqi invasion by Cheney/Bush, as to their complete disagreement with Cheney's doctored CIA intel on the matter.

Also, awhile back when the USAF created its Cyber Security Command (or something like that), Cheney immediately shut it down.

Good recommendations all for the USAF being in charge of cyber security.....

Re:another decent man leaves government in disgust (0, Troll)

gtall (79522) | more than 5 years ago | (#27107361)

This was the same USAF that stated they were standardizing all their computing on Microsoft software. Security? Microsoft? No, it just cannot be done, not here, not anywhere, ever, no how...

Gerry

Re:another decent man leaves government in disgust (1)

wellingj (1030460) | more than 5 years ago | (#27107747)

"Democracy is two wolves and a lamb voting on what to have for lunch." -Benjamin Franklin

All security is distributed (1)

SpaceLifeForm (228190) | more than 5 years ago | (#27108927)

If there is one entity 'in charge', you don't have security.

You have a security hole.

Re:another decent man leaves government in disgust (2, Insightful)

mi (197448) | more than 5 years ago | (#27109351)

Also, awhile back when the USAF created its Cyber Security Command (or something like that), Cheney immediately shut it down.

And rightly so. Cyber security has nothing to do with flying planes, and so it did not belong to the US Air Force any more than to the Agriculture Department.

Yes, I am well aware that military branches have overlapping services (such as Marines having their own planes), but for USAF to have the main anti-hacking command — beyond what's needed to secure their own networks — would've been just wrong. See also "mission creep"...

Re:another decent man leaves government in disgust (1)

sgt_doom (655561) | more than 5 years ago | (#27114153)

OK - I am in agreement with all the posts, NO US government agency can be trusted in this matter.....(I just wanted to make those points about the soulless one, Cheney.....)

Re:another decent man leaves government in disgust (2, Insightful)

Mikkeles (698461) | more than 5 years ago | (#27106779)

'... threats to our democratic processes are significant if all top level government network security and monitoring are handled by any one organization... '

Like the government?

NSA = leaky pipes (0, Troll)

johnny cashed (590023) | more than 5 years ago | (#27105457)

If the NSA is "put in charge" (I fail to see how this occurs) then many, who presumably already do this, will just have their own secure networks. I'm sure the military branches use their own methods, which are even resistant to NSA spying. Individuals who are concerned can currently use their own encryption or other methods to best secure their networks (it isn't illegal). If the NSA is in charge, one can rest assured that the copy and archive everything they can. How big "everything they can" is depends on some technical limitations and possibly some sort of legal oversight, but I don't really know.

wrong (4, Informative)

SuperBanana (662181) | more than 5 years ago | (#27105543)

I'm sure the military branches use their own methods, which are even resistant to NSA spying

The entire point of the NSA is to secure government (and thus military) communications. DES, hello? That was developed so that the government could send shit privately, not for you and me.

The NSA takes charge of development of all the various devices used, and probably gives recommended policy and procedure too. For example, secure communications between embassies? That gear was designed by the NSA, as were the protocols for programming them. Same goes for the encrypted comms on military planes and whatnot. The military uses these fancy boxes to "load" encryption keys into radios and such- and assure their security, chain of custody, blah blah. NSA developed.

If you think the NSA has secret access and is running counter-ops or some bullshit like that, you've been watching too many bad movies and reading too many bad (Tom Clancy) novels.

Didn't see that coming.... meh (1)

zappepcs (820751) | more than 5 years ago | (#27105719)

Who here actually thought that these new posts by the new administration are more than puppets? Reinventing the wheel is stupid enough, and it has relatively few features. Reinventing security? WTF already.

The fact that the NSA has been working on this for some time and the results we've seen only highlight that the previous system was broken, no matter that it did produce some good results. Change is needed, but you can't make it happen by decree, it only looks like you did something when that happens and now you can blame who you want for the failure. This resignation may have been planned?

To think the NSA is not part of obscure security operations is fucking naive at best, dangerous at worst. When the people of the US have transparent oversight of all branches of government it might be okay to say such a thing. Till then such assumptions are dangerous.

Re:wrong (3, Insightful)

Anonymous Coward | more than 5 years ago | (#27105763)

And you are either making a joke or have not worked within the agency. The entire "point" of the NSA is certainly not just to secure communications. I believe the 17,000 interceptors I worked with would think otherwise...

Re:wrong (1, Funny)

Anonymous Coward | more than 5 years ago | (#27107547)

How is it that a former NSA agent posts as Anonymous Coward. To be on the forefront of the war on terror, we do not need cowards. I say this, of course, as an Anonymous Coward.

Re:wrong (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27105859)

Further, the NSA is the most anal organization when it comes to following USSID, the (secret) laws that restrict what they can collect. I trust the NSA more then any other government organization, now that I've worked with them.

Re:wrong (3, Insightful)

Ethanol-fueled (1125189) | more than 5 years ago | (#27106219)

What about those fiber splices and sekrit black boxes in the AT&T offices?

Either the so-called "rules" don't mean anything, or the NSA just has others break the law for them. Then Bush and Obama give those others immunity from prosecution.

I don't trust any agency with "security" in its name. Especially when they abuse their networks to commit industrial espionage among other dirty tricks.

Re:wrong (1)

ducomputergeek (595742) | more than 5 years ago | (#27107945)

Well, the DGSE has industrial espionage as one of it's chartered goals. Supposedly they spend about 25% of their resources on industrial espionage. Hate to break it to you, but if it's not the NSA, it's the DGSE, or MI6, or the FSB, or Mossad or (insert three letter agency here).

So to the think the NSA or the Untied States has some monopoly on using state intelligence services for corporate spying is rather naive.

The reality is there will always be those with power who will use it to their gain no matter what. And there is very little if nothing you can do about it. It's always been that way and always will be.

Re:wrong (0)

Anonymous Coward | more than 5 years ago | (#27108727)

What about ones with "intelligence" in their name? Or are all government agencies with acronoyms just oxymorons? Well, I guess USPS isnt.

Re:wrong (0)

Anonymous Coward | more than 5 years ago | (#27110295)

Remember if your poor or hurt the Committee of Public Safety will make sure your security needs are met. From guillotine the rich to putting our man in power, we support your destruction...I mean construction completely, just trust us...

  History all over again, I agree, security should not be in committee but in individuality.

Re:wrong (1)

sgt_doom (655561) | more than 5 years ago | (#27106545)

Gee whiz??? Would this be the same NSA, formerly directed by one General Hayden, who approached Congress immediately after 9/11/01 attacks for emergency funds, which he then used for the two top actions (this is public record, dood!):

1) Hiring a boatload of polygraph examiners, and

2) Hiring a bunch of new security guards.....

Re:wrong (1)

Ilgaz (86384) | more than 5 years ago | (#27107941)

Bin Laden is a wise guy not to use any kind of electronic communication. What guy uses for internal communications are actual donkeys and guys carrying handwritten notes. That is how all those multi billion state of art espionage satellites failed. There is no technology to trace a guy carrying a handwritten note in his pocket on Afghan mountains.

If he asked for polygraph examiners, it could be the reason.

Re:wrong (0)

Anonymous Coward | more than 5 years ago | (#27111063)

Which part of polygraphs not working do you not understand?

Divide implementation from development&regulat (3, Interesting)

Anonymous Coward | more than 5 years ago | (#27105545)

The current government cyber security system is broken by design. There is no way that one super organization can make every government network in the country secure. Each department and division in the government will have different needs. The only reasonable method to do this would be to have those departments and divisions implement their own security systems while the government at a whole creates a technology/advisory branch and a regulatory branch. Sort of like the DOE/NRC to nuclear reactor safety. The regulatory branch would audit the security (and potentially fine) the highest risk government agencies while the technology/advisory branch would be a big IT desk at which each department or branch could shop.

NSA Goals (1)

conureman (748753) | more than 5 years ago | (#27105667)

Perpetrate and facilitate are not high on an actual security agenda.

That's crazy talk! (3, Funny)

Tiger4 (840741) | more than 5 years ago | (#27105771)

"...director of National Intelligence, who thinks cyber security should be the NSA's job to begin with."

Geezus, the would be like putting the thieves in charge of the banks! Uhhh, wait...

Even crazier (0, Offtopic)

Colin Smith (2679) | more than 5 years ago | (#27106477)

Giving your money supply completely over to money lenders. Doh!

Security (4, Insightful)

Idiomatick (976696) | more than 5 years ago | (#27105813)

The US security system(s) always amaze me. OkOk so the military gets infantry, navy and special ops divisions. But in the US you guys have like at least 10 other organizations. And all of their objectives are vague. Why not just close/merge a bunch of them. CIA FBI NSA NCSC US SS DoH DIA NRA really I could just start picking random letters (and i'm sure there are more than i've listed). They each get like 10billion a year. You see the same things happening with science. Cept the total for science is like 30b instead of 100. Its kind of amazingly wasteful. Even assuming they worked together well with no overlap. It is hard for a government to properly overview that many pointless departments if you don't even know what they are supposed to be doing.

Re:Security (4, Informative)

Eravnrekaree (467752) | more than 5 years ago | (#27105951)

Having different independant departments with different focus s not a bad idea. One of the concerns about FEMA after the New Orleans incident is that it had been reduced from a cabinet level agency and perhaps had lost some of its focus on natural disasters. In government there is transparency, so that a government agency can avoid duplicating the work of other agencies and as well they can also cooperate. So having a larger number of agencies also can allow for checks and balances to happen as well, so you dont have all of your eggs in one basket. Its important to have several indepandent agencies that can monitor each other. Different departments may also have different specialisation and may better able to fulfill certain needs than others.

Re:Security (2, Insightful)

aztektum (170569) | more than 5 years ago | (#27106575)

We'd have all the transparency with much less expense to individuals if we didn't have to PAY for these federal agencies in the first place. Let us give the money to the state rather than this cluster fuck in D.C.. At most the fed should have an agency that acts as a liaison between states for interstate crime/commerce and establish a few frameworks for open commerce and things like patents/copyright/etc. Then focus on global affairs, defense, all that noise. Giving them the authority to police within a states borders is helping them consolidate central authority.

What needs to happen is people need to get the state governments to tell the feds to fuck off more regularly. The only recent thing I can remember where any states have said "No." is over Real ID. States like Cali, that pay 100's of billions in federal taxes and get a miniscule return from them need to tell Congress to get stuffed.

Re:Security (0)

Anonymous Coward | more than 5 years ago | (#27110191)

We'd have all the transparency with much less expense to individuals if we didn't have to PAY for these federal agencies in the first place. Let us give the money to the state

Wait, so to eliminate duplication of effort at the federal level... you want 50 state agencies to duplicate efforts?

What needs to happen is people need to get the state governments to tell the feds to fuck off more regularly. The only recent thing I can remember where any states have said "No." is over Real ID. States like Cali, that pay 100's of billions in federal taxes and get a miniscule return from them need to tell Congress to get stuffed.

Lincoln pretty much killed that idea the last time the States wanted to go in a different direction than the Federal government. Agree or disagree, the feds will drag you down the path they want to go, regardless of party affiliation.

Fun political note: Taxes, as a percent of GDP, were higher at the beginning of the last 3 Republican presidents than the last three Democratic Presidents at the end of their terms.

Re:Security (0)

Anonymous Coward | more than 5 years ago | (#27113739)

No the problem with FEMA was you had a crony running it who's last job was running a horse show.

Re:Security (1)

solafide (845228) | more than 5 years ago | (#27105975)

Thank the Lord, the NRA is a non-governmental organization. Unless you're talking about the National Recovery Administration, which has nothing to do with the CIA.

Re:Security (1)

Idiomatick (976696) | more than 5 years ago | (#27106083)

National Reconnaissance Association not gunnns are goood

Re:Security (2, Informative)

l00sr (266426) | more than 5 years ago | (#27106115)

OP probably meant the NRO [wikipedia.org] .

Re:Security (1)

Horse Rotorvator JAD (834524) | more than 5 years ago | (#27106021)

A small specialized organization can do its job much better than a large all encompassing bureaucratic organization.

Re:Security (1)

Sfing_ter (99478) | more than 5 years ago | (#27106039)

Because, where would the drama be if we did not have this redundancy?

Putting it in the hands of one agency is bad - giving it to legislators is bad too - this is where I hope we get some transparency, if there are threats we need to know, it is OUR country, all of ours, not just those 'elected' to represent us. Those that for some reason think that makes them ABOVE us.

Re:Security (2, Informative)

Anonymous Coward | more than 5 years ago | (#27106067)

Why not just close/merge a bunch of them. CIA FBI NSA NCSC US SS DoH DIA NRA really I could just start picking random letters (and i'm sure there are more than i've listed)

One of the key reasons that there are so many agencies is that there is a clear dividing line in US law between the military and civilian agencies. These agencies were divided because the goal was to have the military worry about external military threats while civilian agencies handled internal threats and non-military external threats. This division is a positive defense against making the US a police state or giving the military too much power. It costs more money, but it also restricts mission creep. And the last thing you want is an agency with military power experiencing mission creep. The mission creep of our civilian agencies during the "War on Terror" was frightening enough (which leads me to think that we need another division between civilian agencies that handle internal threats and agencies like the CIA that handle non-military external threats).

Historical accident, not design (1)

DragonHawk (21256) | more than 5 years ago | (#27107595)

"One of the key reasons that there are so many agencies is that there is a clear dividing line in US law between the military and civilian agencies. "

It has a lot more to do with historical accident than separation of powers. The agencies each formed from different power bases, with slightly different but overlapping missions, and have grown into institutions.

DHS is a *great* recent example. DoD, NSA, CIA, FBI, NRO, NCSC... what, we didn't have *enough* agencies that were already supposed to be protecting us for threats? But there was a crisis, so the existing power base creates a new organization to solve all the problems, rather than trying to fix the existing organizations.

And frankly, the whole "military" vs "civilian" thing is fairly specious. If we're worried about abuse of government power, the fact that the NSA is a nominally "civilian" agency doesn't really matter. They can still abuse their power just as well. What difference does it make that their CO is a "Director" rather than a "General"?

I should state that I'm not an anti-government nut. I just think there's too much overlap in all this. The NSA, CIA, NRO, and Army/Navy/AF intelligence should all be one damn organization. When it comes to computer security, there should be one agency with authority and one set of rules and documentation. As it is now, we've got NSA, NCSC, DISA, DSS, CIA DCI, NIST, and each service's SAPCO each with their own way of doing things! It's insane! Should I be writing my security plan to NISPOM standards, or JAFAN, DCI 6/3, or NSA SNAC, or DISA STIG, or ...? And $DEITY help you if you want to use one information system for multiple government programs under different authorities!

Hell, there shouldn't be separate field command structures for Army vs Navy vs AF vs USMC. Do away with this Joint Command bullshit and put one damn power structure in place. But holy Internet gods, you suggest merging the service branch departments, and you get treated like you just suggested burning the Constitution and making the leader of the US Communist party dictator for life in place of the President.

Re:Historical accident, not design (1)

Monchanger (637670) | more than 5 years ago | (#27107781)

And frankly, the whole "military" vs "civilian" thing is fairly specious. If we're worried about abuse of government power, the fact that the NSA is a nominally "civilian" agency doesn't really matter. They can still abuse their power just as well. What difference does it make that their CO is a "Director" rather than a "General"?

Disobeying a corrupt director won't get you hanged. Generals wield far more power and are thus far more dangerous a threat to democracy than civilian chief executives. How common is it for a coup d'état to come from a minister of interior security?

Civilian vs military (1)

DragonHawk (21256) | more than 5 years ago | (#27107973)

"Disobeying a corrupt director won't get you hanged."

In fairness, disobeying a corrupt order will generally not lead to hanging. It likely will lead to a Court Martial, but if the order truly was corrupt, you'll be let off. Not that "I don't agree" does not make an order corrupt.

Still, I think you do make a fair point, so touche. Generals do command large forces with large weapons. The DCI commands a rather smaller force, most of whom don't have weapons, and most of those who do have much smaller weapons.

Of course, the CIA used to operate its own air force (the U-2 and SR-71 were originally CIA programs). Whether they still do, of course, is a matter of public speculation. :) But even then, the U-2 and SR-71 were never fitted with weapons systems. Well, not that the public knows about, anyway. Publicly, the SR-71 was intended to have the option of weapons capability; the option was simply never exercised. The neat thing about black ops is that there's always the possibility that they did something and just never told us.

"How common is it for a coup d'état to come from a minister of interior security?"

Well, since the "minister of interior security" in many authoritarian governments actually wields quite a lot of power, it's actually not uncommon. Look at the 1991 coup attempt in the USSR: That came from the KGB (Committee for State Security). The NKVD (KBG's predecessor under Stalin) likewise was the organization for administered the deaths or "disappearance" of millions of people.

But let's just look at the US (which, despite all its fault, is far from authoritarian). None of the organizations I named, aside from maybe the FBI, is concerned solely with interior security. Some of them are chartered explicitly to not be concerned with interior security.

But that itself is another fallacy: A great many security threats (I'm tempted to say the majority of them) know no border. So it's not practical to draw a line and say "this agency will only concern itself with interior threats". Sure, it would be nice to say the FBI should only concern itself with domestic cases, but the problem is that you generally don't know the full extent of the case until the case is solved.

Re:Historical accident, not design (0)

Anonymous Coward | more than 5 years ago | (#27110913)

Wait, NIST? You mean the guys who sit around and define the meter and mile and kilogram? ;)

Re:Security (1)

thethibs (882667) | more than 5 years ago | (#27106669)

Nice of you to include the NRA.

Re:Security (1)

chrisG23 (812077) | more than 5 years ago | (#27108397)

Here is a partial explanation on why all the agencies. I am not an expert but I have an account on Slashdot.

CIA - Limited to overseas espionage and intelligence. Does not have the capability to conduct a large scale military operation. Can do NOTHING* against U.S. citizens anywhere in the world, and can do nothing* against legal foreign nationals on U.S. soil.

FBI - Can enforce US Federal Law (which is different than state law, the FBI can do nothing to someone that breaks a state law unless it is also a federal law). Cannot operate outside of U.S. soil.

NSA - Responsible for cryptology and cryptography. Both with coming up with new secure ways to encrypt U.S. communications, and finding ways to compromise foreign countries' communications. Assists other agencies but is basicly independent.

NCSC - Not sure, part of the Department of Homeland Security, so it was probably created just because, along with the DOH.

SS? DIA? NRA?????

The military organizations are there to do the things that constitute an act of war against a foreign state. No regular US citizen is authorized to do so in the name of the US government. The CIA spies (on other countries, not on the US*), and spying could be considered an act of war I suppose, but every large nation-state does it to some extent and it seems like there is a defacto agreement to tolerate it, to an extent.

Would it be more efficient to combine these into larger units? Yes and no. Sometimes organizations work better when they are responsible for smaller tasks and handing off their work to other organizations to finish up, like an assembly line. It helps keep them focused, and assuming the communication channels are good between organizations it can be an effective way to do things. Other times its better to have an entire project from top to bottom done under one roof. I don't know enough about the organizations listed to come up with a definitively better way to structure them. The structure is the way it is now for a reason, and it may have been good reasons or it may have been bad reasons that led to it. Someone could probably write a book about this topic (and probably has already, many times over.)

*This is how it works in theory anyway. The former president and his advisor's or whoever decided the constitution of the United States has exceptions, and our congresspeople did not fight him on it like they should, and our citizens did not raise an uproar to our congresspeople like they should have, and in the end we deserve what we get, with a system like ours.

What we need (4, Interesting)

Eravnrekaree (467752) | more than 5 years ago | (#27105887)

There should be a focus and funding on implementing BGPSEC and DNSSEC since this is where many of the major vulnerabilities lie, and developing new and improved encryption systems and so on. The goal being to assure the internet is a platform of freedom of expression where some cannot oppress the viewpoints of others.

Re:What we need (2, Insightful)

TubeSteak (669689) | more than 5 years ago | (#27106251)

The goal being to assure the internet is a platform of freedom of expression where some cannot oppress the viewpoints of others.

From a national security point of view, being able to oppress the viewpoints of others is a feature, not a bug.

DNS and BGP are not the big problem (1)

DragonHawk (21256) | more than 5 years ago | (#27107633)

"There should be a focus and funding on implementing BGPSEC and DNSSEC since this is where many of the major vulnerabilities lie,"

Huh?

DNS and BGP are generally run by people who know what they are doing. While there are protocol vulnerabilities, they've historically been pretty resistant to attack. Compromises have been local and stayed local, like they should.

Compare that to the massive data breaches that major financial, health care, and government organizations have reported. Compare that to the hundreds of thousands -- if not millions -- of compromised home computers service as spam cannons and botnet members.

DNS and BGP are not nearly as big a concern as that.

Re:DNS and BGP are not the big problem (1)

Eravnrekaree (467752) | more than 5 years ago | (#27109175)

Actually it has gotten easier to hijack BGP and DNS and these vulnerabilities have been recently shown. So the network protecting itself from these attacks has grown more important. For instance, Pakistan and its global youtube reroute.

Re:What we need (1)

themassiah (80330) | more than 5 years ago | (#27107851)

Their is indeed a national focus (mandate, really) to implement DNSSEC on all internal DNS mechanisms in the .GOV domain by some arbitrary date. Unfortunately, it's one of those famous Bush unfunded mandates. A deadline with checkpoints and costs, but no money to cover those costs. I'm working at one of those 3-letter-agencies that is helping lead the way on DNSSEC in the government space, but their is SO MUCH RED TAPE and so little time to negotiate it.

What's the need for new cryptosystems? (1)

jonaskoelker (922170) | more than 5 years ago | (#27111041)

developing new and improved encryption systems

Really? What I hear people say at various security conferences is that you don't go through the crypto, but around it. You scan the guy's disk for things that looks like a password, then you try all of them. Or you do a timing attack. Or you...

None of it breaks the mathematical properties of the encryption function. Why do we need new mathematics?

Re:What we need (0)

Anonymous Coward | more than 5 years ago | (#27113943)

People just don't get it WRT BGP security (BGP is interface to interface). The issue was never security it was always one of sanity based filtering of announcements by peers.

DNS Security is a great idea long as it doesn't overwhelm our root DNS servers (~5x load) The existance of such an incredibly large trust anchor should be raising alarms about how secure such a system would actually be in practice. Someone somewhere will have the keys to huge swaths of the kingdom. Its not such a strech to imagine this list would end up including several three-letter-agencies throughout the world.

I'm actually of the impression DNSSec is overkill and we have it more right now currently then we do wrong. On DNS in my opinion if we can prevent mearly passive MITM via anon DH or similiar technology that is "good enough".

The idea WRT to security on the Internet should always be to toss the idea of the Internet itself ever being secure. Security related goals should mearly be twoard keeping the system operationally sound. Guaranteeing security is a lost cause without turning the network into a place many of us would not like to be.

The end-end security solutions layered on top of IP and naming systems would be best positioned to pick up the remaining slack by leveraging specific facets of mutual trust when establishing secure communications over untrusted pipes.

So? (3, Insightful)

PingXao (153057) | more than 5 years ago | (#27105999)

Sounds like a good position to eliminate completely. Take the whole DHS with you on the way out the door. And possibly a good chunk of NSA too.

Can't really blame him... (4, Informative)

John Pfeiffer (454131) | more than 5 years ago | (#27106151)

When blueprints and stuff for Marine 1 show up in Iran because some contractor wanted to download Britney Spears mp3s, yeah. I'd throw my hands up and walk away too. Things are only handled as intelligently as the dumbest person involved, and the leading cause of aneurism these days is having to deal with dumb people.

I'm confused... (0)

Anonymous Coward | more than 5 years ago | (#27106155)

and am probably not the only one who is.
First we have, "The NCSC is your only national body created to fulfill your responsibility to protect networks across the civilian, military, and intelligence communities."
Next, "In addition, the threats to our democractic processes are significant if all top level government network security and monitoring are handled by any one organization (either directly or indirectly)."
But, the point of having DHS focus primarily on civilian government networks and NSA and the intelligence community as whole focus on military network and their networks respectively, seems to make sense. This setup would probably require a very close working relationship between interested parties.
Also, there was a ton of news about the DHS getting $355 million [sans.org] in cyber security funding last week.

Silly me to respond to an Anon-type (1)

sgt_doom (655561) | more than 5 years ago | (#27106569)

For the record, the NSA concerns itsel with ALL intel, not simply military. In fact, the majority of its intel covers both corporate, commercial as well as civilian....

NSA? (1)

phillymjs (234426) | more than 5 years ago | (#27106157)

You know, I could have joined the NSA, but they found out my parents were married.

~Philly

Re:NSA? (1, Insightful)

Anonymous Coward | more than 5 years ago | (#27106231)

That's a quote from sneakers. Quotes are usually quoted to indicate that you aren't the originator. (it's a good quote though, and apt) though more apt is the follow up line which which the agent informs marty that the NSA doesn't have a domestic charter. (too lazy to look it up)

Sorry. Cyberspace is way more complicated - (5, Insightful)

unity100 (970058) | more than 5 years ago | (#27106201)

than you military oldtimers can ever comprehend. cyberspace also doesnt go well with the military mindset. military mindset requires control over the venues that needs securing. cyberspace, internet, is a venue that refuses control. because it is against its nature. even if you try and succeed in getting an iron stranglehold over internet in your country, the rest of the world will keep a free internet. which will mean that your security issues will continue. because, internet IS people. its not an empty network with consoles attached. its no different than your own society with its people.

you should leave cybersecurity to people who understand online world and its people. you cant accomplish shit with military mindset. even more, heavy handed or controlling approaches lead to social online backlashes and spontaneous actions. portray yourselves as anti freedom fascists trying to control internet in a 1950s manner for any reason, and you may gain the attention of a varying multitude of people from hacking crowd, each of which could undermine whatever budget you can throw at security. portray yourselves as a friend of the people, and they harrass your enemies. (a la pirate bay case).

remember - internet is an infinite chaotic space in which individuals can outdo thousands. best security approach is to be 'friend of the people'. and no military knows shit about that.

so, NSA, leave it to people who know internet.

Re:Sorry. Cyberspace is way more complicated - (2, Insightful)

Creepy Crawler (680178) | more than 5 years ago | (#27107599)

Wow. What a fool you are..

The military helped originally create the internet in its present form. And their base assumption was that once it was properly built, it would grow by itself. It's reason was to create a network that one could never be quieted, even by nuclear attacks.

Now, about the NSA: They're not heavy handed thugs. They've always been sigint, are sigint, and will always be the sigint. They dont want the iron-fisted control of the Internet, because they love listening!

However, do you know why this guy quit? It's a simple answer why...

"You're the network administrator. However, we cant give you admin passwords, you cant make critical decisions about the network, you cant make purchasing decisions, you cant do anything unless these 10 disparate groups agree."

I believe the proper word is hobbled. And it's what happened to the last person in that position.

Re:Sorry. Cyberspace is way more complicated - (2, Insightful)

unity100 (970058) | more than 5 years ago | (#27107671)

it HELPED create the internet in its NOT PRESENT, but initial form. it was designed as a network that would route over damage in case of a nuclear war and keep functioning.

noone had ANY idea what the internet would be like in 15 years.

NSA is a government agency. government agencies reflect the policies of whomever installed on top of them. if nsa is not heavy handed today, it will/may be tomorrow. you cant trust liberty with government agencies.

Re:Sorry. Cyberspace is way more complicated - (0)

Anonymous Coward | more than 5 years ago | (#27109129)

Yeah I understand the NSA bashing but here it really is misdirected. Sure the NSA has seemed to have done some boneheaded things but if you break it down to a case-by-case basis you find a trail of dead bodies that leads to a political appointee who has An Idiotic Ideology. The basic grunts of the NSA are mathematicians and engineers who are really good at tearing things apart. Making policy; errr maybe not so much.

[ASIDE: On the other hand, military intelligence (don't make that joke) have some good bright people who worry about circles of trust, secure perimeters, and identity verification. They also have a very long history or wrestling with non-virtual problems like keeping communications and intelligence out of enemy hands.]

For the US to have an effective cybersecurity department there must be clearly defined goals, an area of expertise that other intelligence depts defer to, and well oiled cooperation with the other security depts. Oh, and a department head that puts the dept's mission above political gamesmanship.

Losing Rod Beckstrom was just plain stupid. Bush allowed the creation of the NCSC and then strangled it. What you are not reading in the resignation letter is how Beckstrom went to the Obama administration with hat in hand to have more than 5 employees and permission to turn their white papers into actual policy. The Obama administration basically told Beckstrom that the only reason the NCSC existed was 1) To produce research for the NSA and 2) Be accountable for cybersecurity policies dealing with civilian networks even if the NCSC wasn't responsible for the policy initiative in the first place. The DHS was too weak compared to the NSA to backstop Beckstrom so he left.

I don't have a problem with the NSA taking the lead on cybersecurity as long as the NCSC is folded into it, the NCSC retains a semi-independent authority, and is subject to civilian review on civilian matters. Unfortunately it will be a cold day in hell before any two of those three happen. That's just the way the NSA works.

Truth is if we want to secure civilian networks we are going to have to do it ourselves - a feat slightly less miraculous then rasing the dead.

NSA knows more than you do (no pun intended) (1)

DragonHawk (21256) | more than 5 years ago | (#27107687)

so, NSA, leave it to people who know internet

Um, yah. Do you have any real idea what you're talking about?

The NSA is full of very smart people. They employ more mathematicians and computer scientists than any other organization in the world. Their IA division is very good. They publish lot of very good, public computer security guidance. The computer world would be a more secure place if most organizations tried to adopt some of their recommendations.

Check out http://www.nsa.gov/ia/guidance/security_configuration_guides/ [nsa.gov] some time. Chances are, the computers you're using to post your mindless spiel could benefit from following the instructions there.

They do nothing but Cyber Lip (1)

dbIII (701233) | more than 5 years ago | (#27109593)

From the press release that bunch has been making they either needed to be put under adult supervision or removed. A Department of Cyber Fear is pretty useless when it's compared with an option like getting each group to employ a few decent people to actually implement some improvements. It really does only need a few professionals setting guidelines for best practice, making sure these things are implemented, and then leaving the law enforcement to groups that enforce law and just give them the resources to have a few experts. We really didn't need a department of Cyber Fear just giving Cyber Lip.

They had a few years, what have they done? Did they even fund any of the researchers making progress in this area? If they did, then why can't another group that is given the same responsibility but less prone to Cyber hype? Just plain outright fraud has been renamed to Cyber Terrorism by clowns like these - I'm not buying it unless there really is a robot with a bomb.

Fox guarding the henhouse? (2, Funny)

EWAdams (953502) | more than 5 years ago | (#27106267)

The object of cybersecurity is to prevent people from interfering with out computers. The NSA's JOB is to interfere with our computers. They can hardly do both at the same time.

Re: Fox guarding the henhouse? (1)

rs232 (849320) | more than 5 years ago | (#27107071)

'The Washington Post is reporting that Microsoft received help [slashdot.org] from the National Security Agency in protecting the Vista operating system from worms and viruses'

NSA mission (1)

DragonHawk (21256) | more than 5 years ago | (#27107719)

The object of cybersecurity is to prevent people from interfering with out computers. The NSA's JOB is to interfere with our computers.

Actually, the NSA is charged with the security of the nation's communications, including the private sector. "National Signals Agency" would be a better expansion ("signals" including communications and computers in the GOVSEC world). Sure, they spy on everybody. How much spying they should do is a quagmire of a political debate I'm not about to involve myself in here. But they also work to make sure the nation's signals infrastructure is secure.

As I pointed out in another post, the NSA publishes a lot of security guidance. It's very well written, very real-world oriented, and public. The private sector would do well to take lessons from it.

http://www.nsa.gov/ia/guidance/security_configuration_guides/ [nsa.gov]

They've largely given up on controlling crypto. Of course, that just leads one to wonder -- is that because they've recognized it as a lost cause, or because they don't need to control it to crack it anymore?

Re:NSA mission (1)

fluffy99 (870997) | more than 5 years ago | (#27108613)

They certainly haven't given up on crypto. They are still the COMSEC authority. They are still experts at cracking crypto either directly or more cheaply by covert methods, for example putting out elliptical encryption methods that they "might" have the root coefficients for. You think NSA didn't get a few backdoors into MS products or bully them into getting a copy of their signing keys? Another published examples was buying off the French company that made the crypto gear used by a certain middle-east country, who then built in a weakness into the encryption. To me that's thinking smarter instead of relying on brute forcing the increasingly difficult encryption schemes.

NSA does some good (0)

Anonymous Coward | more than 5 years ago | (#27110059)

The NSA should be thought of as two houses. One side of the house is the signals intelligence gathering operation that everyone is suspicious of. The other side of the house is the research and development side. The NSA was one of the first to publish security guides for operating systems: http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml . The NSA funded the SE-Linux research, along with I am sure giving input to the TrustedBSD work: http://www.trustedbsd.org/sebsd.html .

The NSA does a lot of good. Lets give credit where credit is due.

wtf is a detailee? (0)

Anonymous Coward | more than 5 years ago | (#27106483)

Did it mean "detainee"??

What's a detailee? (0)

Anonymous Coward | more than 5 years ago | (#27106615)

Okay, so I'm not a member of the security community. What is a detailee again? (ff doesn't think it's a word)

cyber security should be the NSA's job :) (1)

rs232 (849320) | more than 5 years ago | (#27107013)

No, cyber insecurity is the NSA's job, that is, getting hold of your secret communications.. Remember when they tapped into the main fibre link in that telco [slashdot.org] , here [wired.com] also. Another way of getting their hands on your data is to set up fake cyber security research consultancys who will come in and 'secure' your installation :) shoosh ... No Such Agency ...

I thank y\ou for 7our time (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27107119)

stupid. To the base for FreeBSD can no longer be; and piss cocktail. already aware, *BSD are about 7700/5 from within. Against vigorous You don't need to

Thank you (0)

Anonymous Coward | more than 5 years ago | (#27111475)

... for your replies.

Now we can see you.

Stand in the middle of the room. Stand back to back. Put your hands behind your heads. Do not touch each other...

History didn't start in 2003 (2, Insightful)

crmartin (98227) | more than 5 years ago | (#27112677)

I wish journalists would do a little research. NSA has had the lead role in cybersecurity since before he term was invented, back to the National Computer Security Center when Bob Morris the Elder was Chief Scientist. Mid-80's, in other words. Communications security since Truman.

What this guy is complaining about is that he wasn't able to wrest control of cybersecurity away from NSA.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>