The “Czar” of the Department of Homeland Security’s (DHS) secretive National Cybersecurity Center (NCSC), Rod Beckstrom, submitted his resignation to Secretary Janet Napolitano on March 5.  Beckstrom’s letter illuminates several key problems in the program that have resulted from bureaucratic infighting.

Beckstrom was responsible for understanding what kinds of threats and attacks are occurring across the federal government then feeding that information to a similarly named, but distinct, structure within DHS known as the National Cybersecurity Division (NCSD).

According to Beckstrom, OMB and undisclosed parties within DHS sought to engineer roadblocks to prevent Beckstrom and the NCSC to function properly.  Included in these efforts was the allegation that the program only received 5 weeks of funding in all of 2008.   The budget for the entire cybersecurity program at DHS is $210.4 million and President Obama has just announced a request to increase this amount to $355 million.

While at DHS, the cybersecurity program as a whole has been kept largely under lock and key away from public scrutiny.  It was initiated under a broader Comprehensive National Cybersecurity Initiative (CNCI) last January when President Bush signed NSPD-54/HSPD-23, a directive which is still classified.  Last year, Sens. Lieberman and Collins wrote that they “have concerns about how information has been shared with Congress and other stakeholders concerning this initiative.” They asserted that DHS had kept pertinent information classified at too high of a level to permit proper congressional oversight.

Now, Beckstrom states that the “NSA effectively controls DHS cyber efforts.”  The National Security Agency (NSA) supplies the detailees and technologies to the program.  Further, a proposal has been made to relocate the NCSC to a Fort Meade facility, home of the NSA.  This is important because it is indicative of efforts to move security and network based infrastructure to an agency that is hidden from public oversight and focused on data gathering for intelligence purposes.  Such efforts, Beckstrom argues, have effectively placed all top level government network security and monitoring under the purview of the NSA. 

Jim Dempsey of the Center for Democracy and Technology called this one exactly a year ago criticizing the cybersecurity program for giving NSA too much power over information sharing calling an organization which “operates in secret and is bent on stealing information.”

It seems that DHS is not willing to give the cybersecurity program the attention and staffing that it needs while NSA is all too willing to take over the program.  Beckstrom is the not first to resign from leadership in the cybersecurity programs at DHS.  Richard Clarke did so in February 2003 followed by Howard Schmidt that April.  Amit Yoran resigned in October 2004 reportedly because DHS did not place a strong emphasis on the cybersecurity threat.

NOTE:  This entry was originally posted on 3/6/2009, but I realized I was confusing the NCSD with the NCSC.