Former FBI chief: NSA can't run cybersecurity alone
At FOSE 2009, Louis Freeh says that responsibility for cybersecurity should be shared among numerous government and industry players and not concentrated in a single agency.
WASHINGTON--Echoing recent comments from government and industry representatives, a former FBI chief on Thursday said the intelligence community would be the wrong place to put complete responsibility for cybersecurity.
Louis Freeh, who served as FBI director from 1993 to 2001, told audiences at the FOSE 2009 conference here that when the director of the Homeland Security Department's National Cyber Security Center resigned last week, he tapped into a strong historical resistance in the United States to centralized power, particularly in intelligence and military units. In his resignation letter, Rod Beckström said he opposes what he perceives as attempts by the National Security Agency to control DHS cyber efforts.
"The comments (Beckström) made really went to the heart of this centuries-old nationwide dilemma," Freeh said. "It is still the same debate we were having 200 years ago--is the military going to be responsible for this, or do we need to set up an independent civilian entity?"
Cybersecurity responsibility should be left up to a consortium of government and industry players, he said, and the private industry has had too much difficulty maintaining reliable cooperation with the intelligence community. He cited as an example the uncertainty over whether telecommunications firms were to receive immunity for agreeing to unlawfully open their networks to the NSA.
"Becoming subject to political factors no one can predict is not for them a very safe or advisable position," Freeh said.
Beckström's complaint against the concentration of power in the hands of the NSA is valid, Freeh said, since no single entity could properly provide nationwide cybersecurity.
"This problem is too large and too complicated to relegate it to a bureaucratic pigeonhole," he said.
The nature of cybersecurity, he said, has already resulted in pockets of expertise in multiple government agencies including the FBI, the NSA, and the military, as well as in the private sector. "That's not only a good thing, it is inevitable and irreversible," Freeh said.
While that expertise may exist, the government's cybersecurity efforts could be much improved, he said. Freeh said that so far, not enough emphasis has been put on the need to ensure privacy in cybersecurity efforts.
"We will not be able, as a government or private sector participant, be able to persuade people to support this if the privacy piece is lost," he said.
Ultimately, Freeh said, cybersecurity leadership has to come directly from President Obama.
"This is not going to be done by luck, or coincidence, or because everybody will agree on the formula," he said. "There has to be strong executive leadership."