AOH :: ISNQ5397.HTM|
Cybersecurity's New Guard
Cybersecurity's New Guard
Cybersecurity's New Guard
Site design & layout copyright © 1986-2014 CodeGods
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
By Keith Epstein
March 21, 2008
Rod Beckstr=C3=B6m may seem like an unconventional choice to be the nation's
top cybersecurity watchdog. On Mar. 20, the Bush Administration named
Beckstr=C3=B6m head of the National Cyber Security Center, an interagency
group quietly created by a national security directive signed by
President Bush in January.
Beckstr=C3=B6m, 47, is a Silicon Valley entrepreneur, a former derivatives
trader, and a champion of conflict resolution in Africa. He's better
known as the founder of business collaboration software provider
Twiki.net and as an author specializing in the agility of decentralized
organizations than for connections inside the Beltway or expertise in
Is he really the best choice for defending U.S. computer networks from
cyberattacks? Does Beckstr=C3=B6m have the bona fides to secure the
government's computer systems, which have been penetrated with
regularity in recent years, and against which the government has failed
to orchestrate a coordinated, centralized response? Absolutely, say some
network security professionals and insiders at the Pentagon, the
National Security Agency, and the White House.
Who better to come against the splintered, decentralized bands of
hackers and cybercriminals who pose the biggest threat to computing
systems than an expert in, well, decentralization? Beckstr=C3=B6m highlights
the benefits of not having a traditionally hierarchical, identifiable,
and centralized organizational structure in The Starfish and the Spider:
The Unstoppable Power of Leaderless Organizations , a book he
co-authored in 2006.
For one, leaderless groups are more nimble. They can be more creative.
Think of the creation and organic growth of Craigslist, Wikipedia, and
even terrorist cells. Then there are hackers, whose ability to mask
identities, navigate the unregulated wilds of the Internet, and insert
malware where chief information officers least expect it gives them
disproportionate power and reach. Whether in the marketplace or the
battlefield, the advantage goes to those who are harder to identify and
locate, and who lack a clear headquarters or chain of command.
"Decentralization has been lying dormant for thousands of years," wrote
Beckstr=C3=B6m and co-author Ori Brafman. "But the advent of the Internet has
unleashed this force, knocking down traditional businesses, altering
entire industries, affecting how we relate to one another, and
influencing world politics."
Beckstr=C3=B6m and co-author Brafman add: "The absence of structure,
leadership, and formal organization, once considered a weakness, has
become a major asset. Seemingly chaotic groups have challenged and
defeated established institutions. The rules of the game have changed."
Spider vs. Starfish
The title comes from organizational properties. "Spider" organizations
are rigid and centralized. People follow the leader. Encounter big
problems at the top and the entire structure collapses. Better to think
like a "starfish," which moves forward thanks to the independent
movement of multiple arms that can regenerate if severed.
The question now, of course, is just how far Beckstr=C3=B6m can take his
thesis. He has supporters who think similarly in the Pentagon, where
senior military officials have mentioned his book while discussing
computer security issues and in gatherings of computer security
specialists in the few weeks prior to Beckstr=C3=B6m's selection.
As one such security consultant noted in an early March presentation to
computer-system managers working for defense contractors, power
companies, and universities: "What sense does it make to let the enemy
know the Air Force has a Cyber Command up and running? Maybe it makes
more sense to think as Rod Beckstr=C3=B6m advocates=E2=80=94dispersing our networks,
spreading our response to them around, creating the same kind of
uncertainty in their minds about where we are that we have about where
they're coming from."
Federal bureaucracies have been struggling for years with hacker
intrusions and attempts to manage varying efforts within agencies. But
despite new laws and rules, new programs within individual agencies, and
a 2003 national "strategy" intended to secure cyberspace, many
government networks remain insecure. The General Accountability Office,
the investigatory arm of Congress, last October noted that agencies
often lack information security on their networks and had not secured
"We're simply stalled as a nation when it comes to cybersecurity," says
Vic Maconachy, a former top computer science official with the National
Security Agency. "We can no longer wait for someone to come along and
lead the way."
The impulse for a coordinated fix is now accompanied in some circles by
a yearning for a decentralized approach. Cybersecurity specialist Paul
Kurtz, a former homeland security and national security official during
the Bush and Clinton administrations, is among Beckstr=C3=B6m's fans.
"Rod can help the government bureaucracy help itself," says Kurtz.
"Rather than centralized command and control, Rod brings new thinking
about how decentralized organizations can help defend government
Beckstr=C3=B6m has made no bones about his criticism of the Bush
Administration's approach to terrorism. "After 9/11=E2=80=A6we took all the
different police forces and intelligence forces and put them all under
Homeland Security," he noted in a Jan. 1, 2007, interview with The
Washington Post. "That was a major centralization move, and typical:
When a fairly centralized player gets attacked by a decentralized force,
like al Qaeda, the first reaction is to centralize further, and that's
usually a strategic mistake." Added Beckstr=C3=B6m in that interview: "We can
centralize our opponents and decentralize our own activity."
A Serial Entrepreneur
Homeland Security Secretary Michael Chertoff welcomed Beckstr=C3=B6m in a
brief statement, saying he would help government agencies "implement
cyber security strategies in a cohesive way" and improve "situational
awareness and information sharing." Chertoff noted Beckstr=C3=B6m has "unique
entrepreneurial and creative business thinking." A Homeland Security
spokeswoman says Beckstr=C3=B6m is currently declining requests for
Twiki.net, an open-source collaboration platform for businesses,
including many blue chip companies, replaced its co-founder with Thomas
Barton as interim CEO.
A native Oklahoman, Beckstr=C3=B6m started his first company at age 24 in a
garage apartment. He was attending Stanford Business School at the time,
and had previously worked in London for two years as a derivatives
trader at Morgan Stanley (MS). By stringing together student and other
loans, he created financial software that eventually became CATS
Software. The software helped banks estimate the risk of derivatives
used as a hedge against losses in currency and interest rates.
Beckstr=C3=B6m co-founded Mergent Systems, eventually sold to Commerce One,
and has been an adviser to venture capitalists. He also serves on boards
of African microlender Jamii Bora Trust and the Environmental Defense
Epstein is a correspondent in BusinessWeek's Washington bureau.
Content-Type: text/plain; charset="us-ascii"
Subscribe to InfoSec News