Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Government Security United States News IT Politics

US Cybersecurity Chief Beckstrom Resigns 117

Posted by Soulskill
from the take-this-job-and-shove-it dept.
nodialtone writes with a Reuters report that Rod Beckstrom, director of the National Cybersecurity Center (NCSC), has tendered his resignation, citing clashes between the NCSC and the NSA with regard to who handles the nation's online security efforts. In his resignation letter (PDF), he made the point that "The intelligence culture is very different than a network operations or security culture," and said he wasn't willing to "subjugate the NCSC underneath the NSA." He also complained of budget roadblocks which kept the NCSC from receiving more than five weeks of funding in the past year. Wired has a related story from late February which discusses comments from Admiral Dennis Blair, director of National Intelligence, who thinks cyber security should be the NSA's job to begin with.
This discussion has been archived. No new comments can be posted.

US Cybersecurity Chief Beckstrom Resigns

Comments Filter:
  • by Anonymous Coward on Saturday March 07, 2009 @12:02PM (#27105367)

    Security is like virginity...once compromised it is lost forever.

  • by jmcvetta (153563) on Saturday March 07, 2009 @12:06PM (#27105407)

    From Mr Beckstrom's resignation letter: "In addition, the threats to our democratic processes are significant if all top level government network security and monitoring are handled by any one organization (either directly or indirectly."

    Amen, brother.

    • Was he cleared by the IRS or not?
    • by PolygamousRanchKid (1290638) on Saturday March 07, 2009 @12:29PM (#27105585)

      Yeah, like, what happened to that concept of "Checks and Balances" that Founding Fathers thought up in a steamy room in Carpenter's Hall in Philadelphia?

      So now the agency in charge of breaking security, and spying on people, should now be in charge of guaranteeing security?

      I better check the latest release notes, it seems that "Checks and Balances" has now been deprecated.

      • by Antique Geekmeister (740220) on Saturday March 07, 2009 @01:09PM (#27105817)

        No, that's Congress's and the Supreme Court's job. They haven't been doing it lately.

        The reason for competing departments in the US Executive department is to provide a department willing to disagree, and possibly arrest or even shoot, members of the other department to prevent mutiny against the President's orders.

      • by lseltzer (311306) on Saturday March 07, 2009 @01:41PM (#27106069)

        They didn't think up checks and balances, they just implemented Montesquieu's theories in a more thorough and novel way than had been done. And it wasn't Carpenter's Hall, it was Independence Hall, then I think still called the Pennsylvania State House.

      • Re: (Score:3, Insightful)

        by sgt_doom (655561)

        Outstanding points all. While I have little faith in any US agencies at present, I do recall that the USAF Intelligence officially went on record, prior to the illegitimate Iraqi invasion by Cheney/Bush, as to their complete disagreement with Cheney's doctored CIA intel on the matter.

        Also, awhile back when the USAF created its Cyber Security Command (or something like that), Cheney immediately shut it down.

        Good recommendations all for the USAF being in charge of cyber security.....

        • Re: (Score:1, Troll)

          by gtall (79522)

          This was the same USAF that stated they were standardizing all their computing on Microsoft software. Security? Microsoft? No, it just cannot be done, not here, not anywhere, ever, no how...

          Gerry

        • by wellingj (1030460)
          "Democracy is two wolves and a lamb voting on what to have for lunch." -Benjamin Franklin
        • If there is one entity 'in charge', you don't have security.

          You have a security hole.

        • Re: (Score:3, Insightful)

          by mi (197448)

          Also, awhile back when the USAF created its Cyber Security Command (or something like that), Cheney immediately shut it down.

          And rightly so. Cyber security has nothing to do with flying planes, and so it did not belong to the US Air Force any more than to the Agriculture Department.

          Yes, I am well aware that military branches have overlapping services (such as Marines having their own planes), but for USAF to have the main anti-hacking command — beyond what's needed to secure their own networks

          • by sgt_doom (655561)

            OK - I am in agreement with all the posts, NO US government agency can be trusted in this matter.....(I just wanted to make those points about the soulless one, Cheney.....)

        • by afxgrin (208686)

          I hate the name Cyber Security. It sounds very cliche - it should be Communications Security Command - because 'cyber' implies just the Internet - while Communications implies the whole bag of goods.

          Then again - it should just be a section of the NSA. You've got the largest of employer of mathematicians in the world - with some really large computer systems. It only makes sense for them to be doing this.

          I can understand the USAF wanting their own command for this - if they feel other departments are not

    • Re: (Score:3, Insightful)

      by Mikkeles (698461)

      '... threats to our democratic processes are significant if all top level government network security and monitoring are handled by any one organization... '

      Like the government?

      • by jmcvetta (153563)

        In a large, fairly open government such as the United States has, there will be many interested parties, each with their own agenda and base of power. It is a mistake to think these agendas will all be the same, or even compatible with one another. A single faction may gain control of a department, or of several key departments, but gaining control of the entire government is much harder.

        Thus keeping the task of information control and monitoring dispersed among several agencies is a protection, but not a

  • If the NSA is "put in charge" (I fail to see how this occurs) then many, who presumably already do this, will just have their own secure networks. I'm sure the military branches use their own methods, which are even resistant to NSA spying. Individuals who are concerned can currently use their own encryption or other methods to best secure their networks (it isn't illegal). If the NSA is in charge, one can rest assured that the copy and archive everything they can. How big "everything they can" is depen
    • wrong (Score:4, Informative)

      by SuperBanana (662181) on Saturday March 07, 2009 @12:23PM (#27105543)

      I'm sure the military branches use their own methods, which are even resistant to NSA spying

      The entire point of the NSA is to secure government (and thus military) communications. DES, hello? That was developed so that the government could send shit privately, not for you and me.

      The NSA takes charge of development of all the various devices used, and probably gives recommended policy and procedure too. For example, secure communications between embassies? That gear was designed by the NSA, as were the protocols for programming them. Same goes for the encrypted comms on military planes and whatnot. The military uses these fancy boxes to "load" encryption keys into radios and such- and assure their security, chain of custody, blah blah. NSA developed.

      If you think the NSA has secret access and is running counter-ops or some bullshit like that, you've been watching too many bad movies and reading too many bad (Tom Clancy) novels.

      • Who here actually thought that these new posts by the new administration are more than puppets? Reinventing the wheel is stupid enough, and it has relatively few features. Reinventing security? WTF already.

        The fact that the NSA has been working on this for some time and the results we've seen only highlight that the previous system was broken, no matter that it did produce some good results. Change is needed, but you can't make it happen by decree, it only looks like you did something when that happens and

      • Re: (Score:3, Insightful)

        by Anonymous Coward
        And you are either making a joke or have not worked within the agency. The entire "point" of the NSA is certainly not just to secure communications. I believe the 17,000 interceptors I worked with would think otherwise...
        • Re: (Score:1, Funny)

          by Anonymous Coward

          How is it that a former NSA agent posts as Anonymous Coward. To be on the forefront of the war on terror, we do not need cowards. I say this, of course, as an Anonymous Coward.

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        Further, the NSA is the most anal organization when it comes to following USSID, the (secret) laws that restrict what they can collect. I trust the NSA more then any other government organization, now that I've worked with them.

        • Re:wrong (Score:4, Insightful)

          by Ethanol-fueled (1125189) * on Saturday March 07, 2009 @02:03PM (#27106219) Homepage Journal
          What about those fiber splices and sekrit black boxes in the AT&T offices?

          Either the so-called "rules" don't mean anything, or the NSA just has others break the law for them. Then Bush and Obama give those others immunity from prosecution.

          I don't trust any agency with "security" in its name. Especially when they abuse their networks to commit industrial espionage among other dirty tricks.
          • Well, the DGSE has industrial espionage as one of it's chartered goals. Supposedly they spend about 25% of their resources on industrial espionage. Hate to break it to you, but if it's not the NSA, it's the DGSE, or MI6, or the FSB, or Mossad or (insert three letter agency here).

            So to the think the NSA or the Untied States has some monopoly on using state intelligence services for corporate spying is rather naive.

            The reality is there will always be those with power who will use it to their gain no matter

      • by sgt_doom (655561)
        Gee whiz??? Would this be the same NSA, formerly directed by one General Hayden, who approached Congress immediately after 9/11/01 attacks for emergency funds, which he then used for the two top actions (this is public record, dood!):

        1) Hiring a boatload of polygraph examiners, and

        2) Hiring a bunch of new security guards.....

        • by Ilgaz (86384)

          Bin Laden is a wise guy not to use any kind of electronic communication. What guy uses for internal communications are actual donkeys and guys carrying handwritten notes. That is how all those multi billion state of art espionage satellites failed. There is no technology to trace a guy carrying a handwritten note in his pocket on Afghan mountains.

          If he asked for polygraph examiners, it could be the reason.

          • by True Grit (739797) *

            Bin Laden is a wise guy not to use any kind of electronic communication.

            Did everyone here (from the US) not see the NOVA special on PBS some months ago called the 'The Spy Factory'?

            Fact: Bin Laden was using a satellite phone to contact his people.

            Fact: The NSA was listening in...

            Fact: The FBI was suspicious of one of the 9/11 hijackers' activities in California but didn't know the guy was talking with Bin Laden.

            Fact: The NSA did know, but wouldn't tell the FBI

            Fact: There is a reasonable possibility that 9/11 could have been stopped if the NSA and FBI had been sharing info

  • by Anonymous Coward on Saturday March 07, 2009 @12:24PM (#27105545)

    The current government cyber security system is broken by design. There is no way that one super organization can make every government network in the country secure. Each department and division in the government will have different needs. The only reasonable method to do this would be to have those departments and divisions implement their own security systems while the government at a whole creates a technology/advisory branch and a regulatory branch. Sort of like the DOE/NRC to nuclear reactor safety. The regulatory branch would audit the security (and potentially fine) the highest risk government agencies while the technology/advisory branch would be a big IT desk at which each department or branch could shop.

  • Perpetrate and facilitate are not high on an actual security agenda.

  • by Tiger4 (840741) on Saturday March 07, 2009 @01:03PM (#27105771)

    "...director of National Intelligence, who thinks cyber security should be the NSA's job to begin with."

    Geezus, the would be like putting the thieves in charge of the banks! Uhhh, wait...

  • Security (Score:5, Insightful)

    by Idiomatick (976696) on Saturday March 07, 2009 @01:08PM (#27105813)
    The US security system(s) always amaze me. OkOk so the military gets infantry, navy and special ops divisions. But in the US you guys have like at least 10 other organizations. And all of their objectives are vague. Why not just close/merge a bunch of them. CIA FBI NSA NCSC US SS DoH DIA NRA really I could just start picking random letters (and i'm sure there are more than i've listed). They each get like 10billion a year. You see the same things happening with science. Cept the total for science is like 30b instead of 100. Its kind of amazingly wasteful. Even assuming they worked together well with no overlap. It is hard for a government to properly overview that many pointless departments if you don't even know what they are supposed to be doing.
    • Re:Security (Score:5, Informative)

      by Eravnrekaree (467752) on Saturday March 07, 2009 @01:26PM (#27105951)

      Having different independant departments with different focus s not a bad idea. One of the concerns about FEMA after the New Orleans incident is that it had been reduced from a cabinet level agency and perhaps had lost some of its focus on natural disasters. In government there is transparency, so that a government agency can avoid duplicating the work of other agencies and as well they can also cooperate. So having a larger number of agencies also can allow for checks and balances to happen as well, so you dont have all of your eggs in one basket. Its important to have several indepandent agencies that can monitor each other. Different departments may also have different specialisation and may better able to fulfill certain needs than others.

      • Re: (Score:3, Insightful)

        by aztektum (170569)

        We'd have all the transparency with much less expense to individuals if we didn't have to PAY for these federal agencies in the first place. Let us give the money to the state rather than this cluster fuck in D.C.. At most the fed should have an agency that acts as a liaison between states for interstate crime/commerce and establish a few frameworks for open commerce and things like patents/copyright/etc. Then focus on global affairs, defense, all that noise. Giving them the authority to police within a sta

    • by solafide (845228)
      Thank the Lord, the NRA is a non-governmental organization. Unless you're talking about the National Recovery Administration, which has nothing to do with the CIA.
    • by Sfing_ter (99478)

      Because, where would the drama be if we did not have this redundancy?

      Putting it in the hands of one agency is bad - giving it to legislators is bad too - this is where I hope we get some transparency, if there are threats we need to know, it is OUR country, all of ours, not just those 'elected' to represent us. Those that for some reason think that makes them ABOVE us.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Why not just close/merge a bunch of them. CIA FBI NSA NCSC US SS DoH DIA NRA really I could just start picking random letters (and i'm sure there are more than i've listed)

      One of the key reasons that there are so many agencies is that there is a clear dividing line in US law between the military and civilian agencies. These agencies were divided because the goal was to have the military worry about external military threats while civilian agencies handled internal threats and non-military external threats. This division is a positive defense against making the US a police state or giving the military too much power. It costs more money, but it also restricts mission creep.

      • "One of the key reasons that there are so many agencies is that there is a clear dividing line in US law between the military and civilian agencies. "

        It has a lot more to do with historical accident than separation of powers. The agencies each formed from different power bases, with slightly different but overlapping missions, and have grown into institutions.

        DHS is a *great* recent example. DoD, NSA, CIA, FBI, NRO, NCSC... what, we didn't have *enough* agencies that were already supposed to be protecting us for threats? But there was a crisis, so the existing power base creates a new organization to solve all the problems, rather than trying to fix t

        • And frankly, the whole "military" vs "civilian" thing is fairly specious. If we're worried about abuse of government power, the fact that the NSA is a nominally "civilian" agency doesn't really matter. They can still abuse their power just as well. What difference does it make that their CO is a "Director" rather than a "General"?

          Disobeying a corrupt director won't get you hanged. Generals wield far more power and are thus far more dangerous a threat to democracy than civilian chief executives. How common is it for a coup d'état to come from a minister of interior security?

          • "Disobeying a corrupt director won't get you hanged."

            In fairness, disobeying a corrupt order will generally not lead to hanging. It likely will lead to a Court Martial, but if the order truly was corrupt, you'll be let off. Not that "I don't agree" does not make an order corrupt.

            Still, I think you do make a fair point, so touche. Generals do command large forces with large weapons. The DCI commands a rather smaller force, most of whom don't have weapons, and most of those who do have much smaller weapons.

            Of course, the CIA used to operate its own air forc

    • by thethibs (882667)
      Nice of you to include the NRA.
    • by chrisG23 (812077)
      Here is a partial explanation on why all the agencies. I am not an expert but I have an account on Slashdot.

      CIA - Limited to overseas espionage and intelligence. Does not have the capability to conduct a large scale military operation. Can do NOTHING* against U.S. citizens anywhere in the world, and can do nothing* against legal foreign nationals on U.S. soil.

      FBI - Can enforce US Federal Law (which is different than state law, the FBI can do nothing to someone that breaks a state law unless it is also
  • What we need (Score:5, Interesting)

    by Eravnrekaree (467752) on Saturday March 07, 2009 @01:19PM (#27105887)

    There should be a focus and funding on implementing BGPSEC and DNSSEC since this is where many of the major vulnerabilities lie, and developing new and improved encryption systems and so on. The goal being to assure the internet is a platform of freedom of expression where some cannot oppress the viewpoints of others.

    • Re: (Score:3, Insightful)

      by TubeSteak (669689)

      The goal being to assure the internet is a platform of freedom of expression where some cannot oppress the viewpoints of others.

      From a national security point of view, being able to oppress the viewpoints of others is a feature, not a bug.

    • "There should be a focus and funding on implementing BGPSEC and DNSSEC since this is where many of the major vulnerabilities lie,"

      Huh?

      DNS and BGP are generally run by people who know what they are doing. While there are protocol vulnerabilities, they've historically been pretty resistant to attack. Compromises have been local and stayed local, like they should.

      Compare that to the massive data breaches that major financial, health care, and government organizations have reported. Compare that to the hundreds of thousands -- if not millions -- of compromised home computers service as spam cannons and botnet members.

      DNS and BGP are no

      • Actually it has gotten easier to hijack BGP and DNS and these vulnerabilities have been recently shown. So the network protecting itself from these attacks has grown more important. For instance, Pakistan and its global youtube reroute.

    • by themassiah (80330)
      Their is indeed a national focus (mandate, really) to implement DNSSEC on all internal DNS mechanisms in the .GOV domain by some arbitrary date. Unfortunately, it's one of those famous Bush unfunded mandates. A deadline with checkpoints and costs, but no money to cover those costs. I'm working at one of those 3-letter-agencies that is helping lead the way on DNSSEC in the government space, but their is SO MUCH RED TAPE and so little time to negotiate it.
    • developing new and improved encryption systems

      Really? What I hear people say at various security conferences is that you don't go through the crypto, but around it. You scan the guy's disk for things that looks like a password, then you try all of them. Or you do a timing attack. Or you...

      None of it breaks the mathematical properties of the encryption function. Why do we need new mathematics?

  • So? (Score:4, Insightful)

    by PingXao (153057) on Saturday March 07, 2009 @01:31PM (#27105999)

    Sounds like a good position to eliminate completely. Take the whole DHS with you on the way out the door. And possibly a good chunk of NSA too.

  • by John Pfeiffer (454131) on Saturday March 07, 2009 @01:54PM (#27106151) Homepage

    When blueprints and stuff for Marine 1 show up in Iran because some contractor wanted to download Britney Spears mp3s, yeah. I'd throw my hands up and walk away too. Things are only handled as intelligently as the dumbest person involved, and the leading cause of aneurism these days is having to deal with dumb people.

  • You know, I could have joined the NSA, but they found out my parents were married.

    ~Philly

    • Re: (Score:1, Insightful)

      by Anonymous Coward
      That's a quote from sneakers. Quotes are usually quoted to indicate that you aren't the originator. (it's a good quote though, and apt) though more apt is the follow up line which which the agent informs marty that the NSA doesn't have a domestic charter. (too lazy to look it up)
  • by unity100 (970058) on Saturday March 07, 2009 @02:02PM (#27106201) Homepage Journal

    than you military oldtimers can ever comprehend. cyberspace also doesnt go well with the military mindset. military mindset requires control over the venues that needs securing. cyberspace, internet, is a venue that refuses control. because it is against its nature. even if you try and succeed in getting an iron stranglehold over internet in your country, the rest of the world will keep a free internet. which will mean that your security issues will continue. because, internet IS people. its not an empty network with consoles attached. its no different than your own society with its people.

    you should leave cybersecurity to people who understand online world and its people. you cant accomplish shit with military mindset. even more, heavy handed or controlling approaches lead to social online backlashes and spontaneous actions. portray yourselves as anti freedom fascists trying to control internet in a 1950s manner for any reason, and you may gain the attention of a varying multitude of people from hacking crowd, each of which could undermine whatever budget you can throw at security. portray yourselves as a friend of the people, and they harrass your enemies. (a la pirate bay case).

    remember - internet is an infinite chaotic space in which individuals can outdo thousands. best security approach is to be 'friend of the people'. and no military knows shit about that.

    so, NSA, leave it to people who know internet.

    • Re: (Score:3, Insightful)

      Wow. What a fool you are..

      The military helped originally create the internet in its present form. And their base assumption was that once it was properly built, it would grow by itself. It's reason was to create a network that one could never be quieted, even by nuclear attacks.

      Now, about the NSA: They're not heavy handed thugs. They've always been sigint, are sigint, and will always be the sigint. They dont want the iron-fisted control of the Internet, because they love listening!

      However, do you know why t

      • Re: (Score:3, Insightful)

        by unity100 (970058)

        it HELPED create the internet in its NOT PRESENT, but initial form. it was designed as a network that would route over damage in case of a nuclear war and keep functioning.

        noone had ANY idea what the internet would be like in 15 years.

        NSA is a government agency. government agencies reflect the policies of whomever installed on top of them. if nsa is not heavy handed today, it will/may be tomorrow. you cant trust liberty with government agencies.

    • so, NSA, leave it to people who know internet

      Um, yah. Do you have any real idea what you're talking about?

      The NSA is full of very smart people. They employ more mathematicians and computer scientists than any other organization in the world. Their IA division is very good. They publish lot of very good, public computer security guidance. The computer world would be a more secure place if most organizations tried to adopt some of their recommendations.

      Check out http://www.nsa.gov/ia/guidance/security_configuration_guides/ [nsa.gov] some time. Chances are,

    • From the press release that bunch has been making they either needed to be put under adult supervision or removed. A Department of Cyber Fear is pretty useless when it's compared with an option like getting each group to employ a few decent people to actually implement some improvements. It really does only need a few professionals setting guidelines for best practice, making sure these things are implemented, and then leaving the law enforcement to groups that enforce law and just give them the resources
    • by afxgrin (208686)

      Talk about calling out the NSA for a hacking show down.

      "Here - weighing in with /. UID 970058 is our underdog - Unity100. Tonight he will be taking on the current heavyweight hacking champion - the NSA."

      Mr.T - sitting in the crowd, automatically comments with "I pity the foo."

  • by EWAdams (953502) on Saturday March 07, 2009 @02:13PM (#27106267) Homepage

    The object of cybersecurity is to prevent people from interfering with out computers. The NSA's JOB is to interfere with our computers. They can hardly do both at the same time.

    • 'The Washington Post is reporting that Microsoft received help [slashdot.org] from the National Security Agency in protecting the Vista operating system from worms and viruses'
    • The object of cybersecurity is to prevent people from interfering with out computers. The NSA's JOB is to interfere with our computers.

      Actually, the NSA is charged with the security of the nation's communications, including the private sector. "National Signals Agency" would be a better expansion ("signals" including communications and computers in the GOVSEC world). Sure, they spy on everybody. How much spying they should do is a quagmire of a political debate I'm not about to involve myself in here. But they also work to make sure the nation's signals infrastructure is secure.

      As I pointed out in another post, the NSA publishes a lot

      • by fluffy99 (870997)
        They certainly haven't given up on crypto. They are still the COMSEC authority. They are still experts at cracking crypto either directly or more cheaply by covert methods, for example putting out elliptical encryption methods that they "might" have the root coefficients for. You think NSA didn't get a few backdoors into MS products or bully them into getting a copy of their signing keys? Another published examples was buying off the French company that made the crypto gear used by a certain middle-eas
  • No, cyber insecurity is the NSA's job, that is, getting hold of your secret communications.. Remember when they tapped into the main fibre link in that telco [slashdot.org], here [wired.com] also. Another way of getting their hands on your data is to set up fake cyber security research consultancys who will come in and 'secure' your installation :) shoosh ... No Such Agency ...
  • by crmartin (98227) on Sunday March 08, 2009 @10:57AM (#27112677)

    I wish journalists would do a little research. NSA has had the lead role in cybersecurity since before he term was invented, back to the National Computer Security Center when Bob Morris the Elder was Chief Scientist. Mid-80's, in other words. Communications security since Truman.

    What this guy is complaining about is that he wasn't able to wrest control of cybersecurity away from NSA.

    • ...

      What this guy is complaining about is that he wasn't able to wrest control of cybersecurity away from NSA.

      Exactly, my buildings security personnel are not in charge of the IT group they are our customer and we take their needs into account. If you work in IT (this is /. right?) would you like your security guys telling you how to manage the network/PC's.

  • He also complained of budget roadblocks which kept the NCSC from receiving more than five weeks of funding in the past year.

    That's a great example of a bad sentence. Did they receive five weeks of funding, or less than 47 weeks?

    Uh-oh, have to read TFA to find out...

  • I would like to point out that what he was objecting to was the chain of command. You could use the analogy of a large company building. Like where I work.

    I am in IT and we take security seriously but I don't answer to the building security personnel or their supervisors. This was the old mindset. I have seen old org charts where security, IT, and janitors are all lumped under facilities.

    I administer the servers that control the badging and access cards. I work closely with them on many projects involving

Physician: One upon whom we set our hopes when ill and our dogs when well. -- Ambrose Bierce

Working...