[Paleopsych] Technology Review: Cyber Security's Cassandra Syndrome

Premise Checker checker at panix.com
Sat Jan 22 15:48:59 UTC 2005 

Technology Review: Cyber Security's Cassandra Syndrome
http://techreview.com/articles/04/12/wo_hellweg121004.asp?p=0

    A proposal to create a senior-level cyber security position at the
    Department of Homeland Security is killed at the eleventh hour. Why is
    this issue such a problem for the Bush administration?
    By Eric Hellweg
    December 10, 2004
    The big news surrounding the passage of the Intelligence Reform Act
    this week was the creation of a new, top-level intelligence director
    position, which will oversee all aspects of intelligence gathering and
    dissemination in the U.S. government.

    But the technology community was calling foul at the elimination of
    another proposed high-level post. During last minute, "mercurial"
    conference sessions, a provision that would have created an assistant
    secretary of cyber security within the Department of Homeland Security
    (DHS) was eliminated.

    "The executive branch must exert more leadership" in this area, says a
    statement issued this week by the Cyber Security Industry Alliance, a
    Washington-based lobbying group.

    Many hoped the post would help end the musical chairs nature of the
    current cyber security director position, which has been a problem
    since the Bush administration took office in 2000.

    President George W. Bush appointed Richard C. Clarke to be the
    nation's first cyber security "Czar", but he resigned in frustration
    in February 2003. He was followed by Howard Schmidt, now the chief
    security officer at eBay, who also quit after two months. Most
    recently, the position was held by Amit Yoran, a former Symantec
    executive. But by then the position was a part of the DHS, and Yoran,
    reportedly frustrated by the lack of attention given to the issue,
    resigned in October after just one year.

    No one doubts the necessity of protecting the nations airports and
    infrastructure, but the topic of cyber security doesn't require a
    senior-level post says the DHS, which requested the excision,
    according to Harris Miller, president of the Information Technology
    Association of America (ITAA).

    "We're still examining respective options for reorganization," says
    Katie Mynster, a spokesperson for DHS." [But] regarding that position
    specifically, we continue to believe that the integration of physical
    and cyber security within the Infrastructure Protection Directorate is
    the best method to protect the nations infrastructure."

    Security observers fear that with the elimination of the assistant
    secretary proposal, cyber security could slip further down the
    mindshare and budget priority list. Miller says that because the
    assistant secretary position is a political appointee-level post,
    requiring congressional approval hearings, it carries far more heft
    than the current staffing level.

    But there's a more practical consideration as well, Miller says. The
    assistant secretary position is two people removed from the
    president's ear, instead of the five that exist now.

    "Unless you're a senior person, it's tough to meet other senior
    people. It's harder to get face time," says Miller.  "Washington is
    all about clout, real and perceived."

    Technology industry organizations on the hill that opposed the
    position's elimination fear that without a senior-level person pushing
    for budgets and awareness, the nation risks a critical infrastructure
    attack, one that could cost multiple billions of dollars and possibly
    lives.

    Right now, much of the discussion around cyber security involves
    hackers shutting down websites and stealing personal information. But
    with networked sensors and software-based operations at our nation's
    power plants, petroleum refineries, and other critical locations,
    cyber-security proponents fear that someone might try to gain access
    to these points as part of a larger, coordinated attack with terrorism
    -- not hacker hijinx -- as a motive.

    Further complicating the issue is the wide variance in security
    awareness among different industries and sectors. The finance
    industry, for example, is very much attuned to the issue of cyber
    security, whereas the agriculture, energy, and education sectors
    either don't have the budget or don't think the topic is a problem.
    Proponents say government-led initiatives, shepherded by an assistant
    secretary-level position, could help educate industries and the
    public, and work to protect against cyber attacks.

    "The message the Department of Homeland Security is sending is that
    cyber security just isn't that high of a priority," says Miller.

More information about the paleopsych mailing list