By Ryan Singel
May 02, 2008
The government's new cyber-security "Manhattan Project" is so secretive
that a key Senate oversight panel has been reduced to writing a letter
to beg for answers to the most basic questions, such as what's going on,
what's the point and what about privacy laws.
The Senate Homeland Security committee wants to know, for example, what
is the goal of Homeland Security's new National Cyber Security Center.
They also want to know why it is that in March, DHS announced that
Silicon Valley evangelist and security novice Rod Beckstrom would direct
the center, when up to that point DHS said the mere existence of the
center was classified.
Those are just two sub-questions out of a list of 17 multi-part
questions centrist Sens. Joe Lieberman (I-Connecticut) and Susan Collins
(R-Maine) sent to DHS in a letter Friday.
In fact, although the two say they asked for a briefing five months ago
on what the center does, DHS has yet to explain its latest acronym.
The panel, noted it was pleased with the new focus on cyber security,
but questioned Homeland Security's request to triple the center's
cyber-security budget to about $200 million.
They cited concerns about the secrecy around the project, its reliance
on contractors for the operation of the center and lack of dialogue with
private companies that specialize in internet security.
That center is just one small part of the government's new found
interest in computer security, a project dubbed the Comprehensive
National Cybersecurity Initiative, which has been rumored to eventually
get some $30 billion in funding.
Little is known about the initiative since it was created via a secret
presidential order in January, though the Washington Post reports that
portions of it may be made public soon.
We are also concerned that the lack of information about the CNCI
being provided to the public, other agencies, and private entities
that conduct business with the government might be creating
confusion and concern about the initiative. Given the broad nature
and goals of this initiative, agencies may be less likely to plan
for their future information technology needs, fearing that systems
they purchase might not comply with the initiative. Similarly,
industry will be less likely to do business with the government
given the uncertainty about future technical requirements.
Additionally, the public, of course, must be reassured that efforts
to secure cyber networks will be appropriately balanced with respect
for privacy and civil liberties.
Why might citizens be worried about privacy and civil liberties?
Consider that the whole initiative appears to have been launched after
the Director of National Intelligence told the President Bush that a
cyber attack might wreak as much economic havoc as 9/11 did.
Consider that the NSA, which currently protects classified networks,
wants to expand into protecting all non-classified federal government
networks. Consider that Congress is set to legalize the NSA's monitoring
rooms in the nation's phone and internet infrastructure.
For its part, the FBI says it also needs access to the internet's
backbone, while the Air Force is hyping its own efforts at cyber defense
and offense. Meanwhile, THREAT LEVEL's sister blog Danger Room reports
that DARPA is getting in on the hot cyber-action, with a project to make
a fake internet to develop new cyber attacks and defenses.
It's been said many times that if the government knew what the internet
was going to become when it grew up, they would had never let it out of
Now it seems the only question is whether the government will be able to
turn the net into a controllable, monitorable and trackable pre-internet
AOL-type service or whether the chaotic net will live on as just another
frontier for the military-industrial complex to start an arm's race and
rake in billions of government dollars.
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com