• E-mail this page
• |  Print this page
• | 
• | 
• | 

Senate Should Stop Complaining About Bush Cyber Security Initiative

I've been following the debate surrounding U.S. Senate authorization of funding for President Bush's Comprehensive National Cyber Security Initiative. A bunch of senators are complaining that they don't know precisely what they're funding and that there's all sorts of secrecy involved. Hey, of course much of the plan is secret! It's about security, stupid.

It's only fair to note that many projects with analogous objectives -- say, stuff hidden deep in the defense budget -- have a significant chunk of their budget tied up in "black" projects. This is the kind of stuff contractors work on in copper-walled shielded rooms, with double padlocked doors barring the entrance. (Also, you can't take USB drives home from work.)

So why should the Cyber Security Initiative be any different? From what I can tell, it isn't: There's scant public info posted. (I did find this, from NIST, which appears to describe only a small portion of the plan.)

Anyway, so the Senate snit includes the complaint, according to The Baltimore Sun, that "some projects deal more with foreign intelligence collection than protecting America's computer systems."

Ars Technica reported that Sens. Joe Lieberman and Susan Collins are ticked that Homeland Security Secretary Michael Chertoff hasn't shared much information on the initiative with Congress. (Homeland Security stonewalling; there's a shocker!) Since Lieberman and Collins are no slouches on security, one can infer that they're mainly annoyed at being left out of the loop.

One would think that, if savvy politicians were behind the Cyber Security Initiative, they would go out of their way to make nice with folks predisposed to support them. (To borrow the words of another former government official, lining up support for the Initiative should've been a slam dunk.) Nevertheless, the fact Homeland Security has a reputation for ham-handedness does not for a second negate the value of the Initiative.

I'd also say that, if some of the senators are correct in their suspicions that a bunch of some monies tagged to the initiative are instead going toward foreign-intelligence collection -- not a bad thing, by the way -- this simply means that, at the end of the day, we will eventually have to fund whatever cybersecurity tasks are left on the cutting room floor. And, from what we do know of the initiative, via two goals which have leaked publicly, there's some worthy stuff here. (So you see, dear readers, that my support does not hinge on giving the government a blank check. I'm making a reasonable assessment of what's reasonably knowable.)

First is improved cryptographic keys and practices. The second is cutting down the number of government networks from thousands to hundreds, on the theory that this will close down the number of outward-facing portals open to cyberattacks. (On the other hand, one wonders if, under the law of unintended consequences, this might actually make things worse in the event of a successful attack, because such an attack would by definition be more damaging.)

I'll leave answers to that last thought to famed security blogger Bruce Schneier, who nicely frames a closing question on the whole matter. Noting in his blog that Congress wants to know what the initiative is going to do, Schneier writes: "I have to admit, I'm kind of curious myself."

Me, too. As in, I'd like to know, but I don't necessarily expect to, just like I don't expect to get an escorted tour through the NSA's computer facilities. Mostly, I think the Senate should quit whining, and get on with passing the authorizations.

Like this blog? Subscribe to its RSS feed, here.

For a mobile experience, follow my daily observations on Twitter.

Check out my tech videos on this YouTube channel.

« Is SaaS 'Unstoppable' For Open Source? | Main | Virtualization’s Yin And Yang »