[Infowarrior] - WH Taps Tech Entrepreneur For Cyber Defense Post

[Richard Forno]

White House Taps Tech Entrepreneur For Cyber Defense Post

By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, March 19, 2008; 8:21 PM

http://www.washingtonpost.com/wp-dyn/content/article/2008/03/19/AR2008031903
125_pf.html

The Bush administration is planning to tap a Silicon Valley entrepreneur to
head a new inter-agency group charged with coordinating the federal
government's efforts to protect its computer networks from organized cyber
attacks.

Sources in the government contracting community said the White House is
expected to announce as early as Thursday the selection of Rod A. Beckstrom
as a top-level adviser based in the Department of Homeland Security.
Beckstrom is an author and entrepreneur best known for starting Twiki.net, a
company that provides collaboration software for businesses.

The new inter-agency group, which will coordinate information sharing about
cyber attacks aimed at government networks, is being created as part of a
government-wide "cyber initiative" spelled out in a national security
directive signed in January by President Bush, according to the sources, who
asked to remain anonymous because they did not have permission to talk
publicly about the information.

The presidential directive expanded the intelligence community's role in
monitoring Internet traffic to protect against a rising number of attacks on
federal agencies' computer systems. According to the sources, the center
will be charged with gathering cyber attack and vulnerability information
from a wide range of federal agencies, including the FBI, the National
Security Agency and the Defense Department. Beckstrom will report directly
to Homeland Security Secretary Michael Chertoff.

Reached via phone Wednesday evening, Beckstrom declined to provide any
specifics about his new position, saying only, "I'm thrilled to be on the
DHS team, and I am looking forward to doing my best to serve the country."

The White House and the Department of Homeland Security declined to comment.

Beckstrom's appointment comes at a time when the government has acknowledged
that its information systems have been the target of repeated cyber attacks
originating in other counties. The attacks have lead to compromises and
several large data breaches at federal agencies and contractors.

Sources with knowledge of the selection process said Beckstrom's candidacy
was backed chiefly by top brass at the Defense Department and the National
Security agency.

But Beckstrom's appointment raises a number of questions. James Lewis,
director of technology and public policy for the Center for Strategic and
International Studies, noted that DHS only recently appointed Greg Garcia,
former head of the Information Technology Association of America, to be
assistant secretary for cyber-security and telecommunications, a position
fought for and won through tireless lobbying from lawmakers on Capitol Hill
who believed DHS wasn't placing a strong enough emphasis on cyber.

Garcia in turn answers to Robert D. Jamison, who serves as Under Secretary
for National Protection and Programs Directorate. When asked last week at a
press briefing about a simulated cyber attack against the United States who
would lead the government's response in the event of a sustained cyber
attack on the federal government, Jamison said that duty would fall to him.

"Here you have a group that's allegedly in charge of cyber for DHS, and then
we see another group being set up outside that in a structurally new way,"
said Lewis, whose employer is spearheading a group of industry and
government cyber experts called the "Commission on Cyber Security for the
44th Presidency," which is expected to present the next president with a
series of actionable recommendations he or she can take to tackle some of
most pressing cyber security problems facing the government, industry and
consumers. "We still don't know what [Beckstrom's] relationship will be to
all of the other bits of cyber bureaucracy lying around."

Roger Kresse, a former Bush administration official and president of Good
Harbor Consulting, said the creation of a new coordinating group on
cyber-security "reflects a concern that government networks have been
compromised at an unprecedented level."

"The very fact that the president signed a cyber-security presidential
directive in the last year of his administration reflects that the current
approach the government is taking is not working," Kresse said.

By all accounts, Beckstrom is neither a cyber-security expert nor a
Washington insider. But his private-sector background and published writings
emphasize a decentralized approach to managing large organizations.

In "The Starfish and the Spider: The Unstoppable Power of Leaderless
Organizations," a book Beckstrom co-authored with Ori Brafman in 2006, the
authors use the two creatures to illustrate their argument that
decentralized organizations -- whether in the marketplace or the battlefield
-- are more nimble, creative and resilient than those that operate in a
rigid, top-down fashion.

Following this analogy, user-driven, starfish-like organizations distribute
decision-making among all members. If parts of the organization are crushed,
the whole survives and recovers, just as a starfish regenerates an arm if it
is severed. In contrast, the book posits, industry and government are more
akin to "spider" organizations that function within a centralized structure,
with the leader calling the shots. One solid blow to the head cripples or
kills a spider.

"Whether we're looking at a Fortune 500 company, an army, or a community,
our natural reaction is ask, 'Who's in charge?'," Beckstrom and Brafman
wrote. "The absence of structure, leadership, and formal organization, once
considered a weakness, has become a major asset. Seemingly chaotic groups
have challenged and defeated established institutions. The rules of the game
have changed."

"I think it's a unconventional choice, and that's a good thing," Kresse said
of the Beckstrom pick.