Security: Who should be in charge?
- By Bryant Jordan
- Oct 02, 2000
Should the Defense Department assume responsibility for safeguarding the
country's communications infrastructure? A retired Navy vice admiral now
working in the private sector said the time has come for public debate on
"We're going to have to make a decision of that magnitude," said Michael
McConnell, a retired intelligence officer and former director of the National
Security Agency. "What would the FBI say? Or the Judiciary Committee?" he
Civilian law enforcement is responsible for investigating cybercrime
and network attacks, but McConnell suggested that those agencies do not
have the staffing necessary to defend against the terrorist-backed and state-sponsored
cyberattacks that are now possible.
Lawmakers would be concerned over the constitutionality of putting DOD
in charge, he said, adding that he would "not conclude" DOD should take
on the job, but believes the risk is great enough now to warrant discussion
An expert on information warfare and assurance said DOD should not be
given the role of guarding the country's communications networks. "Absolutely
not," said Dorothy Denning, director of Georgetown University's Institute
for Information Assurance. "A lot of the critical infrastructure, if not
most, is owned by the private sector, not the Defense Department, and the
government does not have a good track record of defending its own systems."
—McConnell is now a vice president for Booz-Allen & Hamilton Inc.
in charge of the company's infrastructure and information assurance division
for federal and commercial clients. He made his comments Sept. 28 to government
and industry officials in Alexandria, Va.