Bush classifies $200 million cybersecurity program, redacts questions about contractors
Redacts answers to Congress' questions about contractors
As Americans focus on the Olympics and the 2008 presidential campaign, the Bush Administration is finalizing plans to establish yet another massive surveillance program -- and has classified almost every single detail.
The Comprehensive National Cyber Security Initiative, established by National Security Presidential Directive 54 and Homeland Security Presidential Directive 23 in January, is intended to improve the government's ability to defend against cybersecurity attacks.
But the Bush Administration has refused to release details on the program's budget, how contracts will be administered, or what contractors might be involved. A whopping $115 million was allocated for the program this year, without any disclosure of progress or accomplishment.
Earlier this week, the Senate Homeland Security Committee released vague details about the program, after receiving some documentation from the Administration following a hearing in March. But the Administration's response redacted information regarding the contractors involved -- despite a history of giving away massive no-bid Iraq reconstruction contractors to companies such as Halliburton, Vice President Cheney's former firm.
“The response includes information on the National Cyber Security Center, how privacy will be protected under the CNCI, how success of the initiative will be measured, and how the Department views the private sector’s role in the initiative,” wrote the committee's Sen. Joe Lieberman (I-CT) and Sen. Susan Collins (R-ME). “The Department chose to redact information relating to contracting at the National Cyber Security Division. The senators have asked DHS explain their reasons for the redactions.”
Among the redacted questions: "Why was the determination made that the contract will be for a 10-month period?" and "How will the DHS provide appropriate oversight to ensure that the contractors support efforts do not intrude on inherently governmental functions?"
According to CNET's Stephanie Condon, the Administration won't even related how the program's "mission relates to Internet surveillance."
In one of the few details actually known about the program, Homeland Security Secretary Michael Chertoff announced that it would be led by Internet entrepreneur Rod Beckström in March. According to The Washington Post, however, Beckström is not a cybersecurity expert. His background is in open source wikis and in risk management software.
The announcement was dubbed a faux pas by Sen. Collins, who said in a letter that she was under the impression that the entire National Cyber Security Center was classified.
"Prior to this announcement, committee staff had been instructed that the existence of the NCSC was itself classified," Collins wrote.
"Their letter to DHS in May asked for a detailed account of the department's role in the Comprehensive National Cyber Security Initiative, noting a lack of information from the department, in spite of the fact that the administration had claimed that cybersecurity was one of Chertoff's 'top four priorities for '08,'" Condon notes.
Chertoff has requested $83 million for the center for 2009 on top of the $115 awarded for 2008, pushing the entire budget for cybersecurity over $200 million.
Even the Wall Street Journal, generally a fan of privatized government, has questioned the program.
"Rod Beckstrom, the director of the national cyber security center in DHS, continued the pattern [of providing few details] during his keynote at the Black Hat security conference Thursday in Las Vegas," the Journal's Ben Worthen wrote Thursday. "Instead of getting into specifics–both examples of real threats and what the government is trying to do about it–he mainly talked in general terms about how businesses need to understand better the economics of security and the need to improve collaboration between people and governments throughout the world. He also talked at length about Abraham Lincoln and George Washington, and how those two would have approached tech security."
"Beckstrom started in March, so he’s still pretty new. Plus, this administration has gone through cyber chiefs like Spinal Tap goes through drummers," Worthen added. "So we should cut him a little slack. Still, we couldn’t help but feel disappointed by what we consider another missed opportunity."
According to reports, the cybersecurity initiative is aimed at securing the government's cybernetworks across multiple federal agencies.