DHS Cybersecurity Team: "It's been a mess for four years."

http://news.zdnet.com/2100-1009_22-5891219.html?tag=st.num

U.S. cybersecurity due for FEMA-like calamity?

(Entire article worth a read for the interested; Senate Homeland Security Committee singled out for sitting on its hands, etc.)

But more so than FEMA, the department's cybersecurity functions have been plagued by a series of damning reports, accusations of bureaucratic bungling, and a rapid exodus of senior staff that's worrying experts and industry groups. The department is charged with developing a "comprehensive" plan for securing key Internet functions and "providing crisis management in response to attacks"--but it's been more visible through press releases such as one proclaiming October to be "National Cyber Security Awareness Month."

Probably the plainest indication of potential trouble has been the rapid turnover among cybersecurity officials. First there was Richard Clarke, a veteran of the Clinton and first Bush administrations who left his post with a lucrative book deal. Clarke was followed in quick succession by Howard Schmidt, known for testifying in favor of the Communications Decency Act, then Amit Yoran and Robert Liscouski.

The top position has been vacant since Liscouski quit in January. In July, Homeland Security Secretary Michael Chertoff pledged to fill the post but has not named a successor.

. . .

"It's been a mess for over four years, and hopefully the new folks will fix this," said Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies.

"In the previous incarnation, DHS and the Homeland Security Council didn't really know what to do with cyber--it's been a deer-in-the-headlights experience for them," Lewis said. "It's not clear who's even in charge. When you look at all the different committees who assert they have a role in cybersecurity, it's about a dozen. Whenever you have 12 committees in charge, that means no one's in charge."

I knew about a government contracting firm hired to get some of the DHS database projects moving, after they had been stalled for a long time. It was like trying to move a glacier.

There were too many agencies, too many bureaucrats, and too many egotists protecting their own territories. Nobody wanted to share data with anyone else. Nobody wanted to change their internal procedures in order to make them compatible with those of others. People kept bringing up new problems instead of looking for solutions.

Homeland Security is a farce of an agency. It was thrown together in haste, with very little planning, as a half-baked solution to the Terrorist Menace. It was given far too much money, and far too much leeway on how it should be spent. The independent agencies shoved into DHS were resentful and largely uncooperative, especially DOD.

When we take back America, DHS needs to be massively overhauled or even dismantled so that useful agencies such as FEMA can get their jobs done.

of the internets...and e-mail and Usenet.

I have a close interest in net security issues and follow developments with some interest. The operation of the net is secure because it is so diverse; otherwise all the traffic it generates would lock the whole thing up. The system of routers, particularly dynamic routing, works well in managing traffic flow.

The security issues might be based more upon concerns over the security of communications. Anyone who knows even a little about PGP will know it's perfectly possible to transmit encrypted data with almost zero chance of it being decrypted. That's why there are tight export controls on PGP - it is bulletproof. Data packets can be intercepted by anyone who knows how to do it (even SSL communications aren't 100% secure btw) but there's little point if the data is seriously well encrypted.

As for the use of the net by persons who wish to remain unknown...it's possible to use masking techniques including chaining proxies from out of the way places with very little chance of being caught, even if the first couple of proxies get busted (traced back to another IP in the chain). Assuming control would not help much in that respect.

I am worried about this being used as an excuse to censor content. After all, this debate would not be taking place were it not for the fact that the net is still more or less open in the "free" (I know) world.

Watch out for signs that they might be trying to shut down a source of embarrassment and free exchange of information.