We don't want to run U.S. cybersecurity efforts, NSA chief says
The director of the National Security Agency (NSA) today downplayed widespread concerns about his agency’s growing role in national cybersecurity affairs.
Speaking at the security-oriented RSA Conference 2009 being held here this week, Lt. Gen. Keith Alexander stressed that the NSA has no desire to run cybersecurity for the federal government. Instead, the NSA wants to team up with the U.S. Department of Homeland Security in developing and enforcing cyberdefenses for government and military networks.
“I think we need to dispel the rumor” about the NSA wanting to take control of the national cybersecurity agenda, Alexander said. “It’s not NSA or the DHS. It is one team for the good of the nation. The DHS has a really tough job. We want to provide them with the technical support” needed to combat threats in cyberspace.
“That is the right partnership,” Alexander said.
His comments appeared aimed at allaying concerns that the spy agency had begun exerting too much influence on the domestic cybersecurity agenda. Those concerns bubbled to the surface in early March when Rod Beckstrom, then director of the National Cybersecurity Center (NCSC) within the DHS announced that he was quitting his post after just a year on the job.
In a resignation letter to DHS Secretary Janet Napolitano, Beckstrom voiced concern over what he said were the NSA’s attempts to wrest control of the NCSC from the DHS. The NCSC was set up in January 2008 to coordinate cybersecurity and oversee such efforts across the federal government, and Beckstrom was its first director.
In that letter, Beckstrom noted that the NSA effectively “dominates” most national cybersecurity efforts and had sought to move the offices of the NCSC and the National Protection and Programs Directorate to an NSA facility in Fort Meade, Md. Beckstrom warned that allowing the NSA to run national information security efforts was a “bad strategy” because the intelligence culture embodied by the NSA was at odds with the “network operations or security culture” needed to defend government networks against threats.
[Source: Computer world]