Cyber security plans assailed

Congress challenges secretive nature of computer safeguards

May 18, 2008|By Bradley Olson | Bradley Olson,Sun reporter

In a stinging rebuke, members of Congress from both parties are challenging a $17 billion plan that the Bush administration put on a fast track earlier this year to secure the nation's cyber networks from terror threats and foreign spying.

Critics say the administration's plan to label virtually every part of the project as classified would make adequate oversight impossible.

They also complain that some of the technologies poised to receive funding are "not mature" and that some projects deal more with foreign intelligence collection than protecting America's computer systems. Those systems have grown in recent years to manage nearly all aspects of life, including the flow of electricity, commerce and information.

"For all its ambitions, the cyber initiative sidesteps some of the most important issues that must be addressed to develop the means to defend the country," members of the Senate Armed Services Committee wrote in a report released last week.

In January, President Bush created the initiative, described by intelligence professionals as one of extraordinary scope that will rival in importance the Manhattan Project, the successful World War II-era effort to build the first atomic bomb.

The initiative draws on significant support from the National Security Agency and includes:

Creating a National Cybersecurity Center, akin to the National Counterterrorism Center that coordinates the resources and activities of numerous government agencies.

Reducing the number of federal government Internet connections from 4,000 or more to 50, which will further protect them.

Forming an emergency readiness team to monitor and respond to cyber-threats.

Creating a secure operating system for government computers, and also a computer-monitoring system called "Einstein" designed to look for potential security lapses or major attacks.

Department of Homeland Security officials are heading the project, called the Comprehensive National Cybersecurity Initiative. A spokesman for the agency declined specifically to address the committee's report or other criticisms.

This year, money allocated for the initiative will exceed $1 billion, said several analysts and sources familiar with its budget.

Committees balk

But at least two congressional committees asked the administration this month to scale back the effort. The administration's request for a cloak of high-level secrecy on a program aimed at global "warfare deterrence" seemed paramount in the criticisms. Many classified congressional briefings and hearings in recent months have done little to blunt accusations of unnecessary secrecy.

In letters to Homeland Security officials, several lawmakers noted instances in which committee members were told that certain projects were classified, only to discover that the administration later publicly disclosed them.

"A consensus has developed ... that the administration must do a better job of sharing information with Congress, the private sector and other stakeholders if the National Cyber Security Initiative is to succeed," said Sen. Joseph I. Lieberman, a Connecticut independent who chairs a Senate committee that oversees aspects of the program.

Even in the midst of the Cold War nuclear conflict, lawmakers noted in last week's report, superpowers shared information - if not about weapon designs, then at least about delivery and the circumstances for how weapons might be used.

The Cold War comparisons are no accident, analysts said, as the Defense Department has grown more wary of the ability of Chinese hackers to infiltrate U.S. government systems - as well as the efforts of other governments, terrorists, recreational hackers or "cyber-vigilantes."

"It is difficult to conceive how the United States could promulgate a meaningful deterrence doctrine if every aspect of our capabilities and operational concepts is classified," wrote members of the Senate Armed Services Committee. They "strongly" urged the administration "to reconsider the necessity and wisdom of the blanket, indiscriminate" decisions to classify aspects of the program.

Steven Aftergood, director of the Project on Secrecy for the Federation of American Scientists, called the comments "unusually direct and critical."

"Government intervention in Internet security raises questions for a lot of people," Aftergood said. "Does it imply surveillance? Does it imply unwanted monitoring of legal but private Web activity? What kinds of abuses might become possible that were impossible in the past? There are lots of legitimate questions about this activity that cannot be addressed as long as the program is highly classified."

"Secrecy here is not just unnecessary; it's counterproductive," he added.

The difficulty in revealing too much, however, is that it can telegraph any vulnerabilities, said Danny McPherson, the chief researcher at Arbor Networks, an information security company.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.