- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - As Congress wrestles over cybersecurity legislation related to securing critical infrastructure and the electric power grid, arguments are surfacing on whether the power companies should handle any new federally mandated network protections or whether the U.S. government -- in particular the National Security Agency -- should be in the middle of it.
Some of these tensions, which usually remain behind closed doors in Washington circles, burst into the open this week with a Washington Post article that revealed how White House officials, on behalf of President Obama, have been issuing stern rebukes to NSA director Gen. Keith Alexander for what they say was his overstepping some boundaries in speeches arguing for more legal authority to defend the nation against cyberattacks.
At least one legislative proposal on Capitol Hill has advocated that power companies do continuous scanning with threat data provided by NSA and turn over any evidence of cyberattacks to the government, though critics call the idea obtrusive and a privacy violation.
The Feb. 27 Washington Post article quoted an unnamed White House administration official saying about Alexander, "We have had to remind him to at least be cognizant of what the administration's policy positions are, so if he's openly advocating for something beyond that, that is undermining the commander-in-chief."
Strong words, and at a panel at the RSA Conference this week on the topic of protecting the U.S. power grid, which is a sprawling geographic collection of interconnected grid segments primarily operated by private-sector companies, speakers expressed passionate views on the question of whether it's a good idea for the NSA to be involved in power-grid protection or not.
"I'm glad this has all come out. I'm on the side of the administration," commented Jason Healey, director of the cyber statecraft initiative at the Atlantic Council, a security think tank. He said if there's something really bad going on regarding power-grid cybersecurity, the NSA should declassify it. He wasn't in favor of the NSA monitoring the power grids directly.
Other panelists had a different view.
"This is not about protecting a super-secret interception system," said Stewart Baker, attorney at Steptoe and Johnson, who's had long-standing ties to the U.S. defense and intelligence community. "It is not, however, necessary for NSA to do all the monitoring."
But the NSA's abilities to fight cyberattacks coming in on a daily basis should be brought to bear for protecting the grid, Baker argued. "The only real operational fighters in this are the NSA. They feel great frustration that they should push string at this problem." They want to get out and do something to defend the nation's critical infrastructure against attack, he said.
In his talk on the RSA Conference panel, Baker discussed a survey sponsored by McAfee of power-grid operators around the world that showed a huge difference in how the English-speaking world of the U.S. and the United Kingdom treat regulation and security of power-grid operators versus Asian nations, such as China or Japan. Governments in Asian areas are much more involved in auditing security on their power grids that in the U.S. and the U.K.