We've talked in the past about the problematic efforts to push for new cybersecurity regulations, especially when little to nothing has been done to show the actual problem. There has been quite a turf war over who would "own" cybersecurity within the federal government, with some wanting to give it to the Defense Department, where the NSA would control it (along with all your info), and others wanting to give it to the Department of Homeland Security. While neither option is ideal, DHS is clearly the lesser of two evils should it come to pass. It makes much more sense for this issue to be in the hands of a civilian organization rather than a military one -- especially a military one with a horrible track record when it comes to privacy. That said, it's tough to be enthusiastic about DHS either, given the various problems and abuses we've seen in that Department as well. Making matters even worse, it appears that the DHS boss, Janet Napolitano, who would effectively be in charge of cybersecurity, doesn't know much (if anything) about the internet, and seems rather proud of that fact, referring to herself as a Luddite
Homeland Security Secretary Janet Napolitano, who is a key player in national cybersecurity efforts, said on Friday she doesn't use e-mail.
"Don't laugh, but I just don't use e-mail at all," she said during a discussion at a Cybersecurity Summit hosted by National Journal and Government Executive. She didn't explain what communications tools she does use.
President Obama, who appointed Napolitano, broke precedent by carrying his own BlackBerry device. But in response to a question about her personal cybersecurity practices, Napolitano said she avoids many online services. "I don't have any of my own accounts. Some would call me a Luddite," she said.
I don't think anyone should be laughing, but perhaps they should be very, very worried. Or, perhaps they should be asking why she's in that job when she doesn't seem to have the necessary experience. If it does come to pass that DHS gets control over new cybersecurity efforts, this seems like a good reason to find someone else who actually has some grasp on what it is that they're regulating.