Business Daily from THE HINDU group of publications
Monday, May 04, 2009
ePaper | Mobile/PDA Version | Audio | Blogs
eWorld
Features
Stocks
Cross Currency
Shipping
Archives
Google

Group Sites

 eWorld - Security
Columns - Security Musings
The politics of cyber security

US agencies are caught in turf war on patrolling cyberspace..

The most interesting part of the current exercise in the US is the debate over who in the administration will oversee cyber security.

V.V. Krishnan

A matter of boundary.

R.K. Raghavan

Cyber security is currently a hot topic in the US, what with the many breaches reported in recent months, of systems vital to national security and the day-to-day life of citizens.

For instance, The Wall Street Journal alleged a few weeks ago that spies had managed to break into computers running the national electricity grid. Whether this was the work of local hackers or the mischief of those with terrorist c onnections is yet to be known.

Alongside this, experts continuously talk of the ability of the Chinese and Russians to hijack computers in the US with great ease. They relate this to many instances in the recent past of ‘nuisance hacking’ and ‘nefarious assault’ on systems in the Pentagon and many federal agencies. Altogether, there is a near paranoia in the country, especially in the Establishment, about cyber security. There is a general feeling that not enough had been done to protect computers, particularly those in the Pentagon.

Not surprising, therefore, that within months of assuming office, President Obama ordered a national review of the state of cyber security with a view to tightening up existing arrangements. This so-called 60-day review is just over and its findings are about to be made public. As I write this, there is no clue as to what shape a possible new cyber security blueprint will take and how much money the Obama administration will commit itself to this. It is generally known there will be huge investment in infrastructure.

Turf war

The most interesting part of the current exercise in the US is the debate over who in the administration will oversee cyber security. There is a turf war here which is so typical of government agencies the world over.

The National Security Agency (NSA), which is authorised to snoop on all telephone calls and e-mail traffic in the US, wants to be the monarch of all it surveys. Support to this endeavour comes from the Director of National Intelligence, who said recently that the agency, more than any other organisation, had the necessary expertise and knowledge to safeguard the US cyber infrastructure. Further, it was doing vital work for national defence and needed all possible assistance. He admitted that the NSA had possibly made some mistakes, but these were not of any great consequence if one considered its crucial role in the protection of the country.

This view is, however, not shared by many others in and outside government.

The US Congress had, last year, authorised the NSA to monitor telephone calls and Internet traffic in the whole of US. Critics, especially those in the Department of Homeland Security, allege that the NSA went beyond the limits imposed on it. This charge is levelled by many others, including some Congressmen and rights activists. They believe that such blanket powers to pry into conversations and e-mail exchanges is an assault on privacy.

These voices, therefore, demand that responsibility for cyber security should not be the sole preserve of a single agency, such as the NSA, whose priority should be foreign targets and not frittering away its energies eavesdropping or prying into what citizens do. The Department of Homeland Security (DHS) is, in particular, peeved that the NSA is cutting into what should be its (DHS) territory.

Interestingly, Rod Beckstrom, former Director, National Cyber security Centre of the DHS, resigned from his post in March, obviously frustrated by what he considered as inadequate resource allocation to his centre. In his estimate, entrusting the task of cyber security to one agency was not desirable, and it had to be distributed among many others.

intrusion numbers up

This obvious turf war is being staged unmindful of a rising trend in cyber intrusions. In a revelation to the USA Today, the US Computer Emergency Readiness Team (US-CERT) is reported to have said that during 2008, cyber attacks against government computers went up by 40 per cent. In terms of numbers, unauthorised access to government computers and installation of hostile programmes accounted for nearly 5,500 breaches. Other statistics are equally forbidding. During the past three years, data breaches were linked to nearly 250 million documents. According to the Identity Theft Resource Centre (ITRC), insider theft of information doubled in 2008. This was likely to escalate further with the growing rates of unemployment.

The scene is serious enough for the Obama administration to do something drastic in order to restore public confidence in the government’s ability to protect its own information and that of the common man, when the latter browses the Internet. The White House had said last year that it was pushing for next-generation secure computers and networking for national security applications. It added that it was aiming at tougher new standards for cyber security. Also on its agenda was tackling corporate cyber espionage and criminal activity on the Net.

A rather ambitious agenda which requires unified endeavour on the part of all government agencies. This seems a distant dream against the current power struggle between the NSA on one side and all others in government led by the DHS. Ultimately, success in the formidable task of ensuring information security relies heavily on government-private partnership. Any lack of cohesion between the two will greatly dilute the efficacy of whatever comes out of the recent White House Review.

Cue for India

What does this teach us in India? I have not heard of any major exercise that is being contemplated to strengthen cyber security. It was only recently that we got the needed amendments to the Information Technology Act 2000 to give teeth to the enforcement of discipline in taking care of computers. This was after years of struggle.

Whether we will succeed in persuading the Ministry of Information Technology to agree to launch a transparent exercise of the kind sponsored by the White House is debatable.

Nevertheless, those of us who dabble in computer security and understand its importance in improving the image of India as a country that cares for digital security need to build a national consensus. Nasscom can perhaps play a significant role in this by disseminating information on the perils of cyber attacks and strengthening the Digital Security Society that has already been launched under its auspices.

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

More Stories on : Security | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Wires, wires everywhere

Evolving, frame by frame
More on open source software
Handle with care
Lend your mite
‘Top line growth is priority’
Software for a ‘hard’ industry
The politics of cyber security
Quiz
Put simplicity on view
Cartoon
Secure supply
On-the-move computing


Smartbuy
The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription
Group Sites: The Hindu | The Hindu ePaper | Business Line | Business Line ePaper | Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |

Copyright © 2009, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line