from the fox-guarding-the-henhouse dept
As network infrastructure has become an increasingly important part of our economy, there's been growing concern about the problems of cybersecurity. So far, the key debate is over whether the government should be involved in helping the private sector secure its networks or should focus on government networks. But another important question is which part of the government should be in charge of cyber-security. We're in the midst of a bureaucratic turf war between the Department of Homeland Security and the National Security Agency over who will be in charge of government cybersecurity policy. The NSA's head, Keith Alexander, is pushing the theory that cyber-security is a "national security issue," and that therefore an intelligence agency like the NSA ought to be in charge of it.
The problem with this is that the NSA has a peculiar definition of cyber-security. When most of us talk about cyber-security, we mean securing our communications against intrusion by third parties, including the government. Yet the NSA has made no secret of its belief that "cyber security" means being able to spy on people more easily. Moreover, as Amit Yoran, former head of the Department of Homeland Security's National Cyber Security Division, points out, the NSA's penchant for secrecy, and concomitant lack of transparency, will be counterproductive in the effort to secure ordinary commercial networks. Therefore, the fight between DHS and the NSA is more than just a bureaucratic squabble. There's plenty to criticize about the Department of Homeland Security, and reasons to doubt whether they should be helping to secure private sector networks at all. But at least DHS is relatively transparent, and (as far as we know) doesn't engage in the kind of indiscriminate, warrantless wiretapping for which the NSA has become notorious.