A Defense Department official has gone on the record saying the Department of Homeland Security should be the government entity with the principal responsibility for helping secure critical U.S. infrastructure from cyber attacks.
Eric Rosenbach, deputy assistant security of defense for cyber policy, made the comments at the recent RSA Security conference in San Francisco as the national spotlight intensifies on the domestic cybersecurity issue.
Some believe the National Security Agency, which secures classified government networks, should take the domestic lead.
Rosenbach disagrees, and believes NSA and DoD should play supporting roles to help secure the civilian Internet.
“Obviously, there are amazing resources at NSA, a lot of magic that goes on there,” he said, according to Wired.com.
“But it’s almost certainly not the right approach for the United States of America to have a foreign intelligence focus on domestic networks, doing something that throughout history has been a domestic function.”
Rosenbach said the FBI is also better equipped to work in conjunction with DHS as the domestic law enforcement body.
The Cybersecurity Act of 2012 introduced in February by Sen. Joe Lieberman (I-Conn.), Sen. Susan Collins (R-Maine) and Sen. Jay Rockefeller (D-W. Va.) proposes a structure similar to the one Rosenbach supports.
If passed, DHS would regulate companies that control critical infrastructure systems, while NSA and the National Institute of Standards and Technology, among others, would provide security standards the companies would adhere to.
The bill focuses more on protecting critical networks through information sharing rather than regulation, according to Wired.
DHS is now poised to take control of a DoD trial program where it shared NSA information with 17 contractors, including Northrop Grumman, Lockheed Martin and Raytheon.
Proposed DHS funding for cybersecurity increased 79 percent in the 2013 budget request over appropriated 2012 funds to $769 million.
The White House has reportedly pushed back against NSA’s desire to becoming more involved because of apparent concerns that the agency’s work with cybersecurity may overlap with its mandate to spy on threats to the U.S.
To some, there is too fine a line between protecting the country and collecting too much information on Americans.
To others, NSA is particularly well suited to intercept and prevent cyber attacks before they occur. The skills NSA possesses from carrying out its mandate are well respected in the intelligence community, Wired reports.
Wired notes that the Defense Department’s classified budget for cybersecurity is measured in billions, not millions.
What’s the potential damage?
The potential damage of cyber attacks to cause real damage to American infrastructure and security was a much-discussed topic at the conference.
FBI Director Robert Mueller told conference attendees that the FBI believes cyber attacks will soon surpass terrorism as the greatest threat to the U.S.
Despite Mueller’s concerns about terrorists developing advanced cyber attack capabilities, Martin Libicki, a senior scientist with the RAND Corporation think tank, does not think it has happened yet.
“There are not that many good hackers out there among the Jihadists,’ he said, according to Wired.
Others are not sure the incentive is there for many actors to attack the U.S.
Some panelists said China will likely rethink the value of its continuous attack on U.S. targets, because it will become increasingly susceptible to similar attacks as the modernizing Chinese economy become more dependent on information technology and the Chinese army becomes more net-centric.
“Look, America has big stones in its hand… but it also has plate glass windows,” a Chinese military officer once told Jim Lewis, a senior fellow and program director with the Center for Strategic and International Studies, according to Wired.
“China has stones in its hand, but we also have plate glass windows… they have an understanding there are shared vulnerabilities.”
But, panelists also said the threat should not be underestimated.
“Everybody is ready to do what they need to do,” Lewis said. “They’re doing the reconnaissance and they have the capabilities.”