[Infowarrior] - 'Cybersecurity commission' to proffer advice to next president

Richard Forno rforno at infowarrior.org
Sat Aug 9 15:15:47 UTC 2008 

'Cybersecurity commission' to proffer advice to next president
Posted by Declan McCullagh 4 comments
http://news.cnet.com/8301-13578_3-10009603-38.html

LAS VEGAS--Transitions between presidential administrations are  
typically influence-peddling, power-consolidating, appointee-vetting  
exercises run by Washington insiders. Perhaps that's why the  
quintessential Washington think tank, the Center for Strategic and  
International Studies, is trying to insert itself into the process.

The private organization, which has close ties to the U.S. military  
and counts Henry Kissinger on its payroll, has gathered about 35  
people and awarded them the official-sounding title of "Commission on  
Cyber Security for the 44th Presidency." Adding to the formality are  
some closed-to-the-public meetings and ex-officio members from federal  
agencies, congressional offices, and the nebulous "intelligence  
community."

The group's mandate is unusually broad: developing a "forward-looking  
framework for organizing and prioritizing government efforts to secure  
cyberspace." But four of its members indicated on Wednesday that the  
commission is focused on compiling no more than five recommendations  
and will not be proposing legislation or suggesting dramatic changes.

Marcus Sachs, Verizon's director of national security policy, a former  
government official, and a commission member, said that stealthy  
cyberintrusions were a real threat to the security of today's networks.

"In the transition between the Clinton and Bush presidencies in late  
2000, there was no group doing what we're doing now...trying to tee up  
cybersecurity as an agenda item," Sachs said during a panel discussion  
at the Black Hat security conference here.

"What we're really trying to figure out is how to collaborate" between  
government and industry, said Peter Allor, an IBM security program  
manager and a commission member. "Information sharing is broken. It's  
a one-way send."
Marcus Sachs, who helped create the National Strategy to Secure  
Cyberspace and now an executive director for government affairs at  
Verizon, talks at Black Hat 2008 about the origin of the Commission on  
Cyber Security and the challenges it will face with a new presidential  
administration.

(Credit: Elinor Mills/CNET News)
Download video!

Of course, calling for better information-sharing is like promising to  
clean up Washington: everyone says it's a good idea, but nothing ever  
seems to happen. (CNET News, for example, published an interview in  
2002 in which the head of the Partnership for Critical Infrastructure  
Security said better "information sharing" was a "strategic area." In  
a 2004 follow-up, a senator said "we need a complete system of  
information sharing" between the private sector and the government.)

One panelist said that the FBI's "InfraGard" information-sharing  
relationships with the private sector shouldn't change.

"We're not recommending to do away with InfraGard," said Jerry Dixon,  
director of analysis at the Team Cymru research firm, a former  
Homeland Security official, and a commission member. "That's something  
that the executive departments have set up... We're certainly not  
recommending to do away with those different partnerships because they  
belong to the different departments."

The CSIS panel is composed mostly of industry, government, and ex- 
government types. Among the other members: Mary Ann Davidson, Oracle's  
chief security officer; Doug Maughan, a Homeland Security program  
manager; Will Pelgrin of New York's cybersecurity office; Phil  
Reitinger, a Microsoft security strategist; and Amit Yoran, chairman  
of NetWitness and a former Homeland Security official.

The commission plans to publish the final report in "early November"  
and, perhaps, an earlier draft for public comment.

"It has to be elevated to the highest echelons of this government and  
internationally," Tom Kellermann, a vice president at Core Security  
Technologies, a former World Bank security official, and a commission  
member, said, referring to cybersecurity topics. "We're losing the  
war. It's essential. That's the key theme of the recommendations that  
will come out."

The difficulty is making sure a President McCain or President Obama  
pays attention to them. The ACLU, for example, presented the incoming  
President Clinton with a briefing book called "Restoring Civil  
Liberties: A Blueprint for Action." As it turned out, Clinton embraced  
the notorious Clipper chip, mandatory wiretapping rules, and attempts  
to ban encryption products without backdoors for government  
surveillance.

Then again, even if the CSIS commission finds its recommendations  
ignored, the identities of its members may not be. In Washington,  
joining commissions like this one serves a convenient secondary  
purpose: it just happens to circulate your biography to the people who  
are doing the hiring for the new president.

More information about the Infowarrior mailing list