, SecurityFocus 2009-03-11
Story continued from Page 1
Because the NSA is a military agency, putting the intelligence group in charge of Internet defense would be a bad idea, Microsoft's Charney said.
"There is no question that the center of technical expertise in the government is in the NSA," said Microsoft's Charney. "But at the end of the day, if you want the public to trust that the security is done in the right manner, then it cannot be the NSA."
Moreover, the intelligence community tends to think, not about information sharing, but about keeping information under wraps, said NetWitness's Yoran. Instead of sharing information with private network operators to help them secure their networks, the National Security Agency would be more likely to keep intelligence to itself.
"Our national cyber efforts are over classified, which could lead to catastrophic consequences," Yoran said.
Case in point: The Bush administration's plan for revamping the nation's cybersecurity — known as the Comprehensive National Cybersecurity Initiative (CNCI) — is so strictly classified that even members of Congress have not been able to acquire copies and the information-technology industry has had no access to the document, Yoran said.
"While the need for high levels of classification may exist in certain components of a national cyber effort — such as offensive capabilities or for the protection of sources and methods — such a broad over-classification is counter productive to supporting an effective cyber defense," Yoran said.
If you have tips or insights on this topic, please contact SecurityFocus.