Expect changes in U.S. approach to cybersecurity

The U.S. approach to cybersecurity is likely to change significantly under the Obama administration.  Although it’s not clear yet exactly what priorities will be sacrificed to make room for the increased focus, or how the changes will all play out, here are some highlights of recent activities in this area:

  • Reports: A recent report highlighted weaknesses in U.S. cybersecurity efforts, and recommended changes to U.S. cybersecurity leadership and policy, including the White House taking over the lead for cybersecurity efforts from DHS.
  • Obama Administration: President-elect Obama’s statements during the campaign, and his relationships with the authors of the reports (several of whom are advisors to his campaign), suggest that he’ll probably appoint a “cybersecurity czar” at the White House to coordinate national cybersecurity efforts.  Speculation is rising about who he’ll appoint to the post.
  • Congress: Key members of Congress have stated concerns about our lack of preparedness and inability to protect from and respond to cyber attacks.
    • Rep. Dutch Ruppersberger (D-MD), chair of the House Intelligence subcommittee on Technical Intelligence, says billions of dollars need to be invested by both government and the private sector.  Rep. Ruppersberger also supports appointment of a “cybersecurity czar” at the White House.
    • Rep. James Langevin (D-RI), chair of the House Homeland Security subcommittee on Cybersecurity, said “We’re way behind where we need to be now.”  Rep. Langevin has also called for leadership of cybersecurity efforts to be removed from DHS, and for increases in our offensive cyber warfare capabilities to use as a deterrent (much as our offensive conventional and nuclear capabilities are used as a deterrents to conventional and WMD attacks).
  • DHS: Although DHS Secretary Michael Chertoff agrees we have significant vulnerabilities, he cautions against changing leadershipof cybersecurity efforts at this stage.  But incoming Secretary Janet Napolitano may have a different view, especially if changes are supported by President-elect Obama.
  • Front-Line Stakeholders: Many key participants in a recent cyberwar simulation exercise reported that we’re not prepared for a real cyberwar.
  • Recent Precedents: Cyber attacks aimed at Estonia earliet this year, and aimed at Georgia during the recent conflict between Russia and Georgia in South Ossetia underscored both the likelihood and effectiveness of cyber-attacks during a conflict of any kind.  These attacks were effective, even though they are widely believed to have come from non-state actors (Russian sympathizers).

Summary:

With agreement about our vulnerability all the way from the front line to Congress and the White House, expect some major changes in both leadership and policy.  Increases in funding should also be expected, though whether funding comes as new expenditures or shifting of funding from other areas remains to be seen.

For more information:

Advertisements

Congress halts funding for DHS programs until conditions are met

From FCW.com:

Concerned about the management of major programs, Congress placed a temporary hold on over $1 billion dollars allocated for several large projects at DHS until certain conditions for improvements are met.

Programs put on temporary hold include:

  • The Coast Guard’s Integrated Deepwater Systems ship replacement program: $550 million held out of $1 billion
  • The Secure Border Initiative (including the SBInet virtual fence): $400 million / $775 million
  • CBP’s Automated Commercial Environment: $217 million / $317 million
  • U.S. VISIT (that collects fingerprints from foreign visitors): $75 million / $300 million

Congress’ detailed instructions were included in the continuing resolution signed by President Bush last week that included fiscal 2009 appropriations for DHS.

Breakdown of the FY2009 Homeland Security Appropriations Bill

See this brief breakdown of the Homeland Security Appropriations bill signed by President Bush last week:

FY2009 Homeland Security Appropriations Bill

Here’s the House version of the bill, in case you want to read it through in detail; there’s also some analysis from Govtrack.us which is alot more valuable for most of us:

Note: The numbers of the bills are confusing, as is which came first.  But bottom line, this bill was combined with the continuining resolution (H.R. 2638) for most of the federal government, so the text of the Homeland Security appropriations bill shows up as Division D of H.R. 2638 (pages 194 – 291), and will actually be voted on as part of the continuing resolution (not separately).

Tidbit: Panel wants larger DHS acquisition workforce

The House thinks DHS takes too long to review and award contracts, and has specified money in the FY2009 Homeland Security Appropriations Bill to address that by beefing up DHS acquisitions:

Federal funding delays probably won’t affect Homeland Security

Current word is that most federal government spending will be funded by a continuing resolution through March (current date is March 6, 2009).

However, although there are no guarantees yet, this probably will NOT include Homeland Security – the Homeland Security Appropriations bill is expected to be passed before Congress adjourns for the year.

Note: If you don’t know what a “continuing resolution” is, it’s basically a stop-gap to continue funding at current levels.  In really basic terms, this means that the federal government will only spend money to continue current operations (at the current funding levels), not funding any new programs until March 6.  In January and February (after the new President takes office), they’ll pass the “real” appropriations bills, which will include any new programs or changes to the current funding levels.