February 21, 2009
For all the fears of sophisticated digital intrusions preoccupying many computer security professionals, President Obama’s leading candidates for “cyber czar” also are focusing on an all-too-human vulnerability: The nation’s inability to respond to a full-fledged Internet-borne crisis for lack of a central cyber commander.
Former White House cybersecurity official Paul B. Kurtz, in his first public remarks since becoming an advisor to President Obama’s transition team following the election, describes his biggest worry: A “cyber Katrina” in which fragmented bureaucracies and companies fail to share critical information and coordinate responses to cyber intruders attempting to disrupt power grids, financial markets, or any number of now-plausible scenarios involving a Web shutdown. One recent fear is the cascading effects of even a partial Internet blackout that could add to economic anxieties. There’s such electronic insecurity afoot, some are even beginning to suggest building an entirely new global computer infrastructure.
“The bottom line is, is there a FEMA for the Internet? I don’t think there is,” Kurtz told an audience of security professionals at a Feb. 18 Black Hat security conference in Virginia.
Kurtz’ solution: A trio of key agencies – the Defense Department, the Department of Homeland Security, and the Federal Communications Commission – but overseen by a new national cybersecurity center.
Balkanized bureaucracies with incomplete awareness, conflicts, and unclear responsibilities – no single entity aggregates, analyzes and rapidly prescribes action for ongoing threats – “reminds me of the days before 9/11 when I’d be in meetings in the situation room, with NSA and CIA and FBI guys on different screens, and the FBI guys would say, ‘oh, I can’t share this because it’s law enforcement information,” says Kurtz, an infrastructure guardian who has served on White House homeland and national security councils.