- By Dan Verton
- Aug 07, 2000
Just when I was starting to miss the good old days of listening to former
Deputy Secretary of Defense John Hamre tell anybody who would listen that
the Joint Task Force for Computer Network Defense is "at war" every day
of the week, along comes Rear Adm. H. Winsor Whiton, commander of the Naval
Security Group. The admiral recently told a gathering of security professionals
at the Cyber Security Summit at Carnegie Mellon University, Pittsburgh,
"As many of you know, we're really at war today."
Although plenty of D-day veterans might have a different perspective
on what being "at war" means, I'll give the good admiral credit for what
he said next: "If you're not capable of defending your networks, you're
not capable of going to war." As a result, a certification requirement for
information operations has been added to the Battle Group Certification
Process that is required before a group is given the go-ahead for real-world
NSA's Retention Crisis
It's no secret: For years, the National Security Agency has been laboring
to attract and retain the best and brightest in the information systems
arena. And things are still tough, according to Mike Jacobs, a longtime
NSAer who managed the team of 35 hackers who reportedly proved through inference
that they could cripple the critical infrastructure of the United States
with a few laptops.
"Appealing to patriotism today is not enough" to solve the retention
problem at NSA, he said. "We are now shopping for a set of skills where
the people who have them are foreign nationals, and we cannot get them cleared."
Here We Go Again
While I'm on the subject of NSA, consider the agency's latest hire:
retired Maj. Gen. Harry Gatanas. The former Army general has been appointed
NSA's senior acquisition executive, responsible for overseeing the agency's
effort to maintain its position on the cutting edge of technology.
His appointment comes on the heels of the agency's decision to take
William Black Jr. out of government mothballs to be the new deputy honcho
at the super-secret spy agency. Black, as you'll recall, retired from NSA
in 1997 and took a job in industry. Can somebody please tell me if the phrase
"new blood" means anything to anybody at Fort Meade? If NSA Director Lt.
Gen. Michael Hayden wants some high-tech, Silicon Valley-style advice, I
would tell him to "hire the guy with the ponytail."
Looting Def Con
More than 6,000 people, most equipped with ponytails and nose rings,
attended this year's annual Def Con hacker conference in Las Vegas. However,
my slot machine listening posts report that it wasn't too hard to pick out
the slew of government (i.e., NSA and Defense Department) officials who
attended the show. I have 20 bucks that says the NSA members present weren't
from the technology and security directorate. It's more likely they were
from the human resources department.
"There is a big question" facing the federal critical in-frastructure
protection community "about whether industry will take the lead" in security,
according to John Tritak, director of the Critical Infrastructure Assurance
"Version 2 of the National Plan [for Information Systems Protection]
will be written by industry," he said. "There are many people on the Hill
who are rightly concerned about whether national security can be handled
by economic, market-driven needs." However, if the private sector doesn't
come to the table, they run the risk of sitting idly by as the first "digital
Exxon Valdez" occurs, Tritak said.
But the CIA may have figured out a way to combine the two, according
to Jeffrey Hunker, senior director for critical infrastructure at the National
Security Council. When asked recently if government ideas for security
research and development would continue to end up "on the cutting room
floor," Hunker replied, "I have two words: venture capital." It represents
a "great unexploited opportunity" for federal information security programs,
he said, noting that he is "struck" by the CIA's In-Q-Tel venture capital
Intercept something? Send it to the Interceptor at email@example.com.