[ISN] U.S. Cybersecurity Office May Relocate

InfoSec News isn at c4i.org
Thu Sep 23 03:15:34 EDT 2004

Forwarded from: William Knowles <wk at c4i.org>


The Associated Press
September 22, 2004

WASHINGTON - The House will propose moving cybersecurity offices from
the Department of Homeland Security to the White House as part of the
intelligence reorganization, according to draft legislation obtained
Wednesday by The Associated Press. The bill, expected to be introduced
Thursday, would place cybersecurity into the White House budget

The change reflects frustration among some Republican lawmakers about
what they view as a lack of attention paid to cybersecurity by the
Department of Homeland Security (DHS).

Some technology companies also have expressed similar concerns, but
industry lobbyists reacted cautiously Wednesday to the proposal.

"DHS deserves the opportunity to demonstrate its effectiveness before
taking this step," said Tom Galvin, a vice president at Verisign Inc.,
an information security firm. But he said he understood the
frustration among some in the industry and in Congress.

The Department of Homeland Security considers equally important the
protection of the nation's physical structures, such as bridges and
buildings, and computer networks, which regulate the flow of
electricity, phone calls, finances and other information.

Many leading technology companies have urged the Bush administration
to pay greater attention to cybersecurity, arguing that a shutdown of
vital networks could lead to sustained power outages and other serious

"The fact that this is even being discussed reveals an incredible
level of unhappiness and frustration over how DHS has handled
cybersecurity," said Roger Cressey, a former White House cybersecurity

The government's cybersecurity chief, Amit Yoran, works at least three
steps beneath Homeland Security Secretary Tom Ridge. Yoran, who is
well regarded by the technology industry, effectively replaced a
position in the White House National Security Council once held by
Richard Clarke, a special adviser to President Bush.

The new proposal would create a new Office of Critical Infrastructure
Information Protection at the Office of Management and Budget. Its new
administrator would be responsible for analyzing electronic threats
from hackers and terrorists against vital networks, issuing warnings
about attacks, reducing weaknesses and coordinating with private
companies and organizations.

Those are currently responsibilities of the National Cyber Security
Division, run by Yoran inside the Infrastructure Assurance and
Information Protection directorate at Homeland Security.

The White House budget office already has ties to cybersecurity
issues; the government's council of chief information officers, which
coordinates federal computer issues, works out of OMB. The office also
has worked extensively on "e-government" issues, such as compelling
federal agencies to offer citizens electronic copies of paperwork.

Still, the Republicans' proposal - and the sudden decision to include
it in fast-moving legislation to reform the U.S. intelligence
bureaucracy - surprised some technology industry leaders.

"We weren't consulted," said Harris Miller, head of the Information
Technology Association of America, the industry's leading trade group
in Washington. "It's not saying it's a bad idea, but it's out of the

"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org

More information about the ISN mailing list