April 21, 2009, 8:18 PM — The National Security Agency doesn't want sole responsibility for running U.S. cyber security, the agency's director said Tuesday.
Speaking at the RSA security conference in San Francisco, NSA Director Lieutenant General Keith Alexander said that any effort to keep U.S. and government networks safe would be a group effort, rather than a centrally managed operation.
The question of who should manage the security of U.S. government networks has become a bit of a hot-button issue in recent weeks. In early March, former technology entrepreneur Rod Beckstrom quit his position as director of the organization chartered with coordinating federal cyber security, the National Cybersecurity Center, saying that the NSA had an oversized role and dominated national cyber security efforts.
In his March 5 resignation letter, Beckstrom said that the NSA's culture was too different from network operations and security culture, and that top-level government network security monitoring could represent a threat to the democratic process.
Alexander appeared to be addressing Beckstrom's criticism in his opening remarks at the conference. "We do not want to run cyber security for the United States government," he said. "That's a big job. It's going to take a team to do it."
The NSA director said that security guru Bruce Schneier was right, when just minutes earlier he had told the audience that "nobody" should be in charge of cyber security. "A top-down somebody's-in-charge model is not the right model," Schneier said.
In an interview Tuesday, Beckstrom said that he was happy to hear the NSA saying it didn't want to run U.S. cyber security, and was encouraged to see a discussion of the question of how much power the NSA actually wields. He said that agencies like the FBI and U.S. Department of Homeland Security, even the U.S. Department of Commerce, need to get more funds in order to take an active role in cyber security. "There needs to be a balance of power," he said. "I think the budgets are lopsided."
Last year, the Bush administration kicked off a cyber security initiative that was expected to cost as much as US$40 billion over the next few years. The NSA's budget is classified, so it's unclear how much of that money is being spent by the agency.
Clearly, the NSA has a major role to play, Alexander said. "We're technical people. We'll have the lead, I think, for the Defense Department and the intel community, for critical national security systems, but we need partnership with others," he said.
Alexander also called for cooperation from outside of the government too. "DHS has a big role in it, but perhaps most importantly today, we need to talk about your role in it and our allies and academia," he said.
