[Infowarrior] - House panel demands details of WH cybersecurity plan

[Richard Forno]

www.baltimoresun.com/news/nation/bal-te.cyber24oct24,0,2833040.story

House panel chief demands details of cybersecurity plan

By Siobhan Gorman

Sun reporter

October 24, 2007

WASHINGTON

   The chairman of the House Homeland Security Committee called on the
Bush administration yesterday to delay the planned launch of a multi-
billion-dollar cybersecurity initiative so that Congress could have time
to evaluate it.

Rep. Bennie Thompson said he wants to make sure the new program is legal
before it is launched. In an interview, the Mississippi Democrat said he
had been told that President Bush might unveil the initiative as early
as next week.

Known internally as the "Cyber Initiative," the program is designed to
use the spying capabilities of the National Security Agency and other
agencies to protect government and private communications networks from
infiltration by terrorists and hackers. The Sun reported the existence
of the program last month, but Thompson said the administration has
refused to discuss the initiative with members of his committee, despite
repeated requests.

In a letter this week to Homeland Security Secretary Michael Chertoff,
Thompson demanded that his committee receive a briefing on details of
the plan. He also warned that the "centralization of power" envisioned
under the initiative raised "significant questions" that should be
answered before the program is launched.

Thompson - whose panel oversees the Homeland Security Department, which
would run the initiative - said he was unaware of the program's
existence until it was revealed by The Sun in a Sept. 20 article.

A Homeland Security spokeswoman said Chertoff had received Thompson's
letter, which was dated Monday, and would respond "in a timely fashion."

"We do agree that cybersecurity is a very important issue, and that is
why since the beginning of this congressional session DHS has provided
more than a half a dozen briefings to the House Homeland Security
Committee on cyberthreats and related issues," said the spokeswoman,
Laura Keehner.

Thompson said that if the administration continues to give his panel the
silent treatment, he will consider issuing a congressional subpoena.

"You have to put sunshine on a program so sensitive as this," he said.
The administration is saying that "'you have to believe us.' Obviously,
as a nation of laws, we can't accept that."

Thompson said that because the program involves the NSA and similar
agencies, questions about privacy and domestic surveillance would be of
particular concern.

"What's the legal framework about which civil rights and civil
liberties, as well as constitutional issues, will be protected?" he
asked.

The Cyber Initiative is the second administration program in recent
weeks to draw criticism from Congress after it was revealed in a news
report. Last month, after a report in The Wall Street Journal, the
administration was forced to put a new domestic satellite surveillance
program on hold in response to congressional protests.

Few details about the Cyber Initiative are known because the
administration has been extremely secretive about the program, much of
which is highly classified. Current and former security officials have
spoken about the initiative on condition of anonymity because it has not
been announced.

The multiagency effort is being coordinated by Director of National
Intelligence Mike McConnell, a former NSA director.

Since last year, there have been a series of meetings among
representatives from McConnell's office, the NSA, Homeland Security and
the White House, said a senior intelligence official. And at the NSA,
several dozen people, including members of the general counsel's office,
have been working on the initiative for the past year, the official
said.

Plans call for a seven-year, multi-billion-dollar effort with as many as
1,000 or more employees from Homeland Security, the NSA and other
agencies, according to current and former government officials familiar
with the initiative.

The first phase would be a system to protect government networks from
cyberattacks, with a later phase designed to protect private networks
that control such systems as communications, nuclear power plants and
electric-power grids, said a former government official familiar with
the proposal.

The NSA's new domestic role would require a revision of the agency's
charter, according to the senior intelligence official. In the past, the
NSA's cyberdefense efforts have been focused on the government's
classified networks.

Officials have debated internally whether to locate these employees in
one facility in the Washington area or in multiple posts around the
country, the senior intelligence official said.

They have also discussed different ways to structure the program, said a
former Pentagon official familiar with the initiative. Options include:
creating a special office similar to the government response to the
Soviet Union's launch of Sputnik; a White House coordination group
modeled on the drug czar's office; and a "virtual" organization that
coordinates activities among various agencies.

Seeking details, Thompson has made four separate pleas for briefings
from Homeland Security, he said, including a direct request at a hearing
last week to the department's top cybersecurity official, Greg Garcia.

Thompson said the House Intelligence Committee also had not received a
briefing it requested from McConnell's office, but an Intelligence
Committee aide said yesterday that the panel expects a "detailed
briefing" this week.

Intelligence Chairman Silvestre Reyes, a Texas Democrat, has requested
information, the aide said, on exactly what the initiative would do "and
what the legal authorities are."

Thompson rattled off about a dozen questions he has about the program,
including what authority the NSA has to participate in domestic
monitoring and whether Fourth Amendment limitations on search and
seizure would prevent the government from using the evidence it gathered
to prosecute cybercrimes.

Questions about what each agency will be authorized to do have come
under considerable discussion inside the administration, said current
and former officials. Approval of the initiative was delayed because of
continued difficulty with such issues.

The federal government's role in monitoring private-sector networks is
"clearly the issue," the former government official said, adding, "If
you want to work with them and put things on people's lines to monitor
stuff, the general counsels of private-sector entities would say, 'You
want to do what?'"

Policymakers have become increasingly alarmed at the vulnerability of
trains, nuclear power plants, electrical grids and other key
infrastructure systems, which rely on Internet-based controls that could
be hijacked remotely to produce a catastrophic attack.

Recent attempted attacks on Pentagon and other government computer
systems have heightened concerns about holes in government networks, as
well.

Thompson noted that he has held several hearings on the emerging
cyberthreat, as well as on Homeland Security's challenges in managing
its own cybersecurity.

"We have tried to work with the department," Thompson said.

siobhan.gorman at baltsun.com