Risk
3/9/2009
06:29 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

U.S. Cybersecurity Director Resigns, Blames NSA

Rod Beckstrom criticizes the NSA's dominance of most of the nation's cybersecurity initiatives.

Lawmakers in the House will hear testimony from various experts on Tuesday about the progress of the government's cybersecurity review, which should be completed next month.

Howard Schmidt, president and CEO of R&H Security Consulting and a security expert who has held positions at eBay, Microsoft, and various government posts, said Beckstrom's departure was not unexpected, given the typical shuffling of deck chairs that accompanies a new administration.

Perhaps as a result of his experience in the Air Force and with various government security and law enforcement agencies, Schmidt suggested that Beckstrom's criticism of the NSA was excessive. "If I was back in the government and I was looking for an agency as an organization to help protect my systems, I would be looking to the NSA," he said.

Schmidt supports the idea of a public-private partnership between the NSA and the organizations that own and operate much of the U.S. critical infrastructure. But he also said that in the context of government systems, the kind of secrecy that comes with NSA involvement may be appropriate. "The days of security by obscurity are long gone, but there are things not to be aired in public," he said.

Between the NSA and NIST, which oversees federal technology standards, there's a lot of good work being done for the public's benefit, said Schmidt. "We shouldn't be afraid of them."


InformationWeek will highlight innovative government IT organizations in an upcoming issue. Nominate your agency by submitting an essay on your most innovative IT initiative completed in the last year. Find out more and nominate your organization by May 1.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0914
Published: 2014-07-30
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management f...

CVE-2014-0915
Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

CVE-2014-0947
Published: 2014-07-30
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

CVE-2014-0948
Published: 2014-07-30
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

CVE-2014-2356
Published: 2014-07-30
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.

Best of the Web
Dark Reading Radio