The battle over cybersecurity

The FBI also has a cybercrimes division. I'm much more inclined to trust the FBI and Homeland Security than the NSA in these matters. We need more transparency, not less.

The fact that there is a struggle of this magnitude, with one side being an ultra-secret powergrabber...for this entitled behavior, a few heads should roll at the NSA. Maybe I've seen too many spy movies, but a unit built on secrecy, one that pries first and asks permission later...pretty soon that's SOP, entitlement, self-justification...more and more and more. Nope, not on MY watch (I did get to vote, after all.)

Honestly, both of these agencies lack the sophistication to be effective. They need fresh blood in both agencies that are savvy enough to handle the technology of now and the future. Right now we do not have it.

As an Systems Engineer, this is a very important topic. As stated in the article, technology grows faster than we are able to fully understand it. The reality is that most cyber crimes are sourced from outside the US. The threat is very real and not just to individual entities. The current state of the economy has shown us how so many institutions depend on so many others. When one of them is effected it ripples through the rest.

Homeland security is focused on protecting the 'Homeland' but are they empowered to investigate, act and enforce outside the US? The NSA’s jurisdiction has always been a bit of a mystery.

Cyberspace encompasses the planet and is growing all the time, even into space with the International Space Station and the satellites that relay data. I think the ultimate answer is a new and global entity to police cyberspace. Each nation should have an interactive channel with that group. Each law and intelligence agency should have an interactive channel with that group. The challenge will be working out the details of establishing and empowering this group.

The truth of the matter, each millisecond this topic is debated and we are without an effective solution, is that much more ground we are losing. The more ground we lose, the more opportunity we allow the Cyber criminals.

Are we overlooking the fact that we do NOT need more security? Our privacy barely exists as it is.

IMHO, if you want to do something positive for cybersecurity, you need to get Homeland Security to dump all its copies of the security swiss-cheese Windows OS and replace it with something better. My personal preference would be Macintosh computers, but an acceptable solution would be some form of Linux. Sure, lots of people, programs, and procedures will need retraining and replacing, but if you want secure computers, you have to get rid of the major source of insecurity.

Homeland Security can't even secure our borders. What makes anyone think they could do anything for cybersecurity?

Securing computers isnt that hard. However many of the more basic ways to protect systems would hurt convenience and cost. There will always be hackers, whether individuals or criminals, but even they cannot change how a computer system fundamentally operates.

For individuals, I thought the days of people using passwords like "hello' were long gone but they still do it unless forced to choose something more elaborate. Human nature never changes and the problem is not finding some new scheme to protect us, but to be sure and use systems we already have and to be consistent about it.

Oh and as far as these large scale hacking jobs, often they use insiders to get the information they need for access. At best you can fight that by treating things like top secret defense projects. You wont stop everything but you can mitigate how much damage is caused. Every time one of those stolen credit card number stories hits the news it always turns out to be someone on the inside.

replace the director of national intelligence. Awaits the NSA internet taps and on my innertubes.

I'd prefer the FCC myself and keep the cloak and dagger boys to different priorities.

given the pitiful means in which the gov't hire–just about any monkey can work for the gov't, methinks the jury still out whether any the agencies are the answer to addressing, especially, what the admiral, if I read this correctly, suggested is at core, "...since technology is often outpacing our ability to understand all of the implications." I for one do not want the nsa or hs on matters of this nature. oh, that's right, we have little or no say along these lines.

nice topic.

DoD Security Controls are not the same as other Federal agencies that follow other directives/controls, such as NIST, FIPS, FISMA, OMB, etc. Given this discrepancy, I do not think that the agencies under other directives would receive adequate oversight. Further, I would recommend that all agencies hold the same security clearance types if they would be forced under the purview of the NSA. You would have to standardize security controls for all Federal entities to ensure continutity and repeatability. In addition, those in other Federal entities would require specific clearance to speak to and/or access NSA for security matters. This would be a costly venture to take up and not one we should wade into during such trouble times.

Their definitely needs to be government oversight on not just computer security but financial information security as well as defense and logistical information security. Credit Card Companies, Financial institutions, defense contractors, nuclear facilities, water, electric, and a multitude of other infrastucture related entities house software and information that is vital to our day to day lives. If we the people don't step up and force these institutions to protect the hardware, software, and information housed therein, then they won't due to the cost of such an effort. Standards have already been submitted, but a standard is only a standard if someone enforces it. I think folks in general are naive about the awesome numbers of cyber attacks that occur daily in our country. From the pre-teen geek hacking his high school database to the organized terrorist cell hacking military installations to gain any useful information, these attacks are in the 100 thousands per day minimum. I would wager that those that aren't detected approach millions per day. It only takes one weak password or misplaced file in a government system, to cost millions of dollars or worse, someones life. When it comes to one of your loved ones lives, do you care who is over seeing the computer security or do you care that it is getting done right? I say make the NSA and Dept. of Homeland Security both submit a plan of action within 100 days. Whoever has the better plan, as judged by a pannel of mega geeks, gets the gig.

The last time I looked we had a form of Govt predicated on checks, balances and oversight - has the last eight years taught us nothing about operating in secrecy with no oversight - eventually everything hits the fan. The NSA is already to secretve of its work to manage this alone. Actually one would expect a governance structure overseeing this consisting of Homeland Security (Justice), NSA and Defense and managing a crack team of interdepartmental technicians to carry this out... across the government - What benefit is it to anyone if this is viewed as a tech fiefdom. Maybe it too much to ask that our governmnet beaurocracy work collaboratively to solve problems affecting us all....

I feel that this is uncharted water and we should tread lightly. We may be talking about the war front of the future. I believe that NSA should definitely lead the way, but as with many of today's systems there needs to be an oversight. This oversight should come from an outside auditing agency.

Homeland Security is just one more agency that needs to posture themselves for the way ahead.

We should all be aware of our constitutional rights – what measures are there to protect from unreasonable search and seizure? In a cyber world that means are you allowed to be searched for reciept of spam mail? Can the government seize your computer for months to copy your harddrive? What parts of free speech are protected in cyber space? How are we to act in cyberspace? The same as in real life with the same consequences? Personal freedoms will rapidly dissapear without adequate thought.

Each federal agency still manages its own cyber security. They dont trust the competence of DHS and they fear giving such control to the NSA. It isnt so much whether or not they are all in our business but more what do they do with what they find...in most cases they have plenty of data on the bad guys and do NOTHING with it. Most of us really dont need to worry about our secrets being learned and spread about – we dont really have any to disclose. There does need to be more sharing among agencies if we want to prevent another 9/11 but we also need to start watching some of our own citizens or some foreigners who are located on our soil as much as those foreigners located abroad – a criminal/terrorist is a criminal/terrorist regardless of where they are located or their citizenship. There just seems to be less interest in the US-born militia member stockpiling guns down the street inside America than there is the Muslim farmer with a cell phone living in Bulgaria. EIther one may or may not be a threat to the US. I for one would like to know which is and isnt and have them dealt with BEFORE attacks are committed.

Whoever does the best job should be in charge of it. If it is NSA, then let NSA handle it. If it is DHS, let DHS handle it.

I'll give a flip about their bickering over who gets to run the show once they can actually get a handle on nigerian scammers and identity theft. Until then, they can all shut the $$$$ up for all I care.

How about a compromise – let the CIA handle it?

I agree that putting to much in one agency and we start to see them control all the information the higher ups use. There has to be balance among the branches security and that will lead to better information all around.

As far as privacy goes, go ahead and look at me. I can tell you that you are not going to find out much of anything that I have not told my friends and family. Although I have never had a care about the wiring tapping. My phone calls are not important enough and even if they where, why would I do them over the phone instead of in person if it has to be that secretive?

It has to be NSA. We have seen the "great" jobs Home Land Security has done.

I have to say that I do not agree with any further government interference. I also don't think any agency should have the right to tap Americans phone conversations. This gives off that EVERY citizen is guilty and provides a negative vibe for everyone across the nation. Neither agency should get any further involved with "internet security". Phone tapping is technically taking away from EVERY citizens civil rights and is unconstitutional. We have a right to privacy and we do not receive this when the government taps into our phone conversations or monitors our internet uses.

The NSA should have no control over the program. They have already proved they can't be trusted.

Truth is there really is no privacy. All this brouhaha is doing is providing a smokescreen for the real agenda...the subversion of all so-called privacy rights provided by the constitution. Get folks caught up in this catfight, they'll be to busy to notice the rats stealing the cheese!

Computer security has been an issue long before the advent of the PC or Internet. NSA was traditionally involved in communications security and the mission evolved with the appearance of the PC. Homeland Security is a newcomer and not as wise. Having said that there are two pieces to this: (1) NSA who is good at coming up with technology to secure communications and computing and (2) HS which is supposed to be good at implementing policies and technology. Why not split it up that way?

From day 1, Homeland Security and it's Computer security office has been a revolving door. People enter with enthusiasm and leave bitter and bewildered. And we are talking leaders in the field. If they can't find a way to wade through teh bureaucratic mess, nobody can. This goes way beyond a turf battle between NSA and Homeland Defense. Congress has had a part, so has the administrations... Unfortunately, there is noone capable of kicking butts and taking names enough to become real effective in any capacity in the position. The only way it is going to work is if you take teh money away from all the other agencies and centraize the funding under one entity. That would force them to play in the same sandbox.

Relying on a singular body to provide cybersecurity may not be the best solution. Yes, there needs to be a point of contact, but wasn't the net established to provide multiple hubs thus reducing the rate of failure at all points? Security is a serious issue, but not one that I would like to have centralized. There is too much at stake for us to consider making it a singular target to cybercriminals.

I think the NSA is better staffed and equiped to handle this matter but it does raise the issue of privacy concerns. This is a serious threat to the national security of this country and it needs to be managed and carried out with the highest priority. I feel safer knowing the NSA with its knowledge and proven expertise is in charge of this important critical threat.

Government is government. If anyone thinks that having oversight in two separate agencies is any protection, they don't know human nature. Alll two agencies cause is more cost and more opportunities for government mischief. Given NSA's technological abilities, it only makes sense that those who can crack systems be responsible for protecting those systems, as long as they're not responsible for policing and enforcement, which should remain with the FBI and Justice, then there shouldn't be a problem.

As a government employee who has worked witht he NSA and HS, I believe that the NSA is the only agency that can be truly effective at Cyber Security. They have an extensive hiring program that brings the best and brightest into its folds. You need top talent to combat a shifting and very advanced hacker community. I'm not sure HS has the ability to execute that mission effectively. The NSA definitely needs better oversight, but with a President Obama the same provacy concerns hope fully won't be as big of a concern.

I believe that there should not be a wrestling match. For some reason everyone wants to have their hand in the cookie jar. I know that everyone always wants more funding for what they want to do. But if agencies tried to share more with each other rather than keep each other in the dark. I think our country/world would be a little safer.

I'm sure that most Americans cannot formulate educated opinions on this matter. For one, Americans (including myself) don't truely understand the differences between the NSA and Homeland Security. Capabilities, levels of security clearance and access to the oval office, knowledge, experience, manpower, scope of cybersecurity apparatus, etc. are all among the unkowns.

My guess is that the NSA should probably head cybersecurity but what do I know.....perhaps as much as the people who will wind up making the decision.

Obama, please intercede on behalf of the American people and make an informed decision on this very important topic.

The NSA, as the largest single employer of mathematicians and one of the largest employers of technologists, probably has more technical competence than DHS. However, the NSA is an intelligence/counterintelligence agency, and though there is overlap, cybersecurity is not squarely within that domain.

I say lets keep the NSA's focus on thwarting our foreign adversaries, and DHS's on protecting the security of the homeland. There is no reason why they cannot co-exist and complement each other.

I thought the Air Force was gathering momentum for a Command structure to handle cyber threats? We need to get ahead on this technology because our threats are using it against infastructures of other countries and to pass messages in code. We are already behind the preverbal "eight ball" on this topic.

DHS was created out of the "Shock and Awe" era after 9/11. We have to realize that certain aspects of the governments job (specifically the NSA) has to be covered in secrecy and other parts have to tip toe across the Bill of Rights: we need to fight fire with fire people. Having Beckstrom resign solves nothing, it only gives them a bit more room to tip toe.

Designed software programs for the NSA in the 80's. Couldn't even figure out for sure what it was really for because they broke it up between so many people. The impression I got from the NSA is that we should be watching them more, instead of them watching us. I wouldn't trust them, and the smartest computer people generally stay out of government.

Um... why not just create a new agency who's sole purpose is cybersecurity?

People don't fool yourselves into thinking that any of the government agencies who are bickering over control actually have anyone's best interest at heart. It all comes down to money and manpower. The more responsibility and duties an agency has the more money and manpower they receive in the budget.

I'd recommend a joint commission-type collaboration between the two agencies. I would be very concerned about what I'd never know about cybersecurity operations if only one agency or the other had total control of this. And, this proposal would assume Congressional oversight via full access to the program (the public would need some ability to weigh in via approval or disapproval of the program as it develops).

This is a very prelim thought so perhaps more could be said with a more thorough assessment of the particulars.
-c

Knowing a little something about computer security and presently in college to do it for life. I think They should maybe be their own group all by themselves because they are both similar and different from all other threats and frankly the NSA is not well liked by the public after the warrant less wiretaping and to handle computers you need a lot of fresh blood and not being controlled by the old farts that are not adaptive enough to the fast paced world of cyberspace.

This is really a turf war, this has everything to do with money. That is the funds / grants each agency would receive for this function. Personally, I would rather see it with NSA – i know people at both agencies. Homeland Security is a joke, I have seen the people they hire and the way they do business, the less they are responsible for the better. Note-there are some great people there, but the management is terrible and few really have any clue of securing anything.

Don't let either of them handle it... create a new department, the DoC or DoCS... Department of CyberSecurity.

Actually that's probably not a good idea, I'm not sure creating new government departments would solve anything.

Does the problem maybe stem from having two national agencies with "security" in the name, and no clear direction from the government on jurisdiction, with both agencies believing they set their own limits (or lack thereof)?

But what will happen to your own personal internets?

Ideally, you would break the coverage of cybersecurity up into a handfull of facets, and distribute governance of each to various agencies. The catch with this methodology is that a compex infrastructure or system to coordinate between agencies is NECESSARY. Due to DoD budget cuts from the new adminstration, I doubt this is an option.

Definitely we should outsource it.

NSA is probably more competent to deal with cybersecurity then DHS and this government definitely needs allot of help in this area. Dealing with the privacy of US Citizens should be left to the court system and I don't mean secret courts. Privacy and Cybersecurity can co-exist if competent people are place in charge; this is the real problem this and any other administration must address. Cybersecurity should be left to people with strong IT backgrounds and not those trained as lawyers, politicians, administrators, etc. Let those that know and understand the topic at hand run the system but also place appropriate controls based on common sense to ensure US Laws are not broken by all powerful agencies.

What we need to do is hire people small enough to fit directly in the tubes so they can see the bad guys when they try to break in!

I agree with many of the comments - this cannot be in ONE agency's hands. However, I do think a joint effort of these agencies would be worth while in terms of cybersecurity.

Cybersecurity should be under the control of Homeland Security. It would give the NSA too much power.

This is yet another way for the people at these agencies to implement "big brother" and continue taking away your freedom. The ultimate goal of agencies like the NSA and DARPA is to electronically monitor your every move.

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." – Benjamin Franklin

The Department of Homeland Security is still trying to figure out what it wants to be when it grows up. It is a bunch of formerly independent agencies that are now in-fighting over budget and roles under the umbrella of Homeland Security. NSA has the best brains and technology to identify and handle Cyber threats. It is also one of the few Federal entities that can actually keep a secret. We should let them do what they do best.

Honestly, I could care less about this turf war.. I would rather see private agencies share the control and oversight by not allowing government(any agencies!) have unlimited power to operate so called Secret mission invading our privacy rights.

I would welcome mix of private security organization in conjunction with any transparent government arm taking over the cybersecurity.

The NSA hires a LOT of very bright people from all over the nation, many direct from college with advanced degrees.
While much of the work done by the NSA is classified, a large amount isn't and is available to the public, free of charge.
I've worked in computer networking and computer network security for a long time and have frequently used resources available from many sources, to include the NSA.
The NSA funded work on SElinux, a security platform that is now part of most versions of linux. From the outset of that project, it was available to the public free of charge and has secured many thousands of public and private computers around the world.
The NSA also provides security advice to the DoD. As a part of the DoD, it is one of their missions and they are highly effective, when their advice is heeded.
Out of the number of government agencies beyond my ability to count, the NSA is frankly one of the few that I trust. If for no other reason, if any information they may acquire during monitoring or other work is beyond the purview of what their mission is, it is destroyed.
In short, they do their job and mind their own business.

It makes better sense for the NSA to have the mission since they have a better chance to recuit people that have the skill necessary to do the mission. Politics and money should not be are deciding factor

Being an Oracle Data Architect, and pursuing the constant "Master of all that is data".

NSA+SAIC+Harris+Lockheed_Martin+GenDyn+IBM+SUN+REDHAT+ORACLE+EMC+JPM working not in concert but rather in relation to this issue. (notice how i left out MS)

/Problem_not_solved (but it's as close to a solution that works as we can get).

Thanks!

Protecting communications is the NSA's job. Homeland can't even do anything more than raise a color level. This has nothing to do with monitoring or big brother or yap yap yap.

If NSA doesn't get cybersecurity, then they will develop their own cyber security unit, which will lead to redundancy. I think that Homeland Security should deal with the open threats, let the NSA deal with the covert stuff.

It's not that NSA was the problem. The president and the people he picked were the problem. Look how Chaney kept things in his man safe secret. Look how they have silenced the press for the last 8 year. I have a feeling the NSA was just following orders and Chaney's lead. More debate is needed on the issue true, but don't blame the NSA or Homeland Security for the stupidity of the Bush/Chaney years.

The NSA is well equipped to handle this aspect of security as they have working encryption, authentication, and data integrity for decades whereas Homeland Security, a derivative of several agencies confederated together, is a newcomer. Yes there are others that work cybersecurity but if you want to have those that have worked fundamental R&D aspects of security, and its implementation, then my believe is with the NSA. Have your identity stolen once, twice, or more and you soon become a believer. If you are concerned about being "tapped" than perhaps you need to back off your web use and find conversation again as your medium. Thought is, I do not care who views my missives, if I can obtain a guarantee of my safety in making billing and bank transactions happen, and yes, have the agency remain accountable (not that you can do this with any of the govt agencies) then my horse bet remains with the NSA. Heck, IRS has more info on me than I care about, but that’s the breaks!

We dont need more transparency. The less you know the less actual criminals/terrorists etc. know.

Tough question. I want the US infrastructure to be as secure as possible from damages by American and international hackers... BUT! I vehemently do not want the government to police the internet. The ideal solution to me would be that the United States government would be the undisputed leaders in the field of information security. Instead of our national cybersecurity depending on lying and waiting information gathering it should tremendously ramp up our proactive efforts to discover security vulnerabilities.

If we can find the bugs before the bad guys do the bad guys can't attack us.

Cybersecurity is way too important to be left to any current organization – they have already established procedures and territories. This mission requires fresh faces, new thinking and a willingness to extend beyond our borders. this is not just our problem – it is a worldwide one.

JS

Welcome to Cold War #2. NSA has cold war experience and DHS does not.

“Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.” – Benjamin Franklin

Thank you Mike E. That quote is for all the idiots who are either passive or think this is a "cool" idea to have agencies like this montitoring anything.

Ah, that's what I love about the Internet. It's the only venue where you can watch the watchers.

Anything the NSA can do, hackers can do better.

Time to put away the movies about what the NSA does or what Hollyweird thinks they can do. The NSA already provides security documents on how to secure everything from servers to your network. These are documents that have been unclassified and tested by the agency and anyone can find them at the agency's web site.

If you are living a law abiding life, the Federal Governmant has better things to do than watch your every move.

Just because an agency has the term "security" in their title it doesn't make them the correct choice. NSA is first and foremost focused on intelligence collection, not proactive protection. While they have the technical expertise to address cyber security, the actual goals of any cyber security program are outside of their directives. They could certainly provide any collected intel related to potential threats. As for Homeland Security, they have as of yet been unable to manage a security fence, I have little faith about their abilities to establish and manage a secure perimeter around our cyber assets. The best solutions would be a new group, dedicated to the single task of cyber security, and with the authority and security clearance to work with existing security (law enforcement/FBI/CIA/NSA etc...) and leverage their assets and information.

Also, on a final note. The NSA has taken a lot of flack concerning domestic wiretapping. I think everyone should be aware that the NSA doesn't initiate any collection, they respond to specific tasks, and those tasks have specific requirements for approval before the NSA an undertake them. If the NSA is assigned a collection task, and it has the correct level of approval, they don't have the luxury of questioning the task or debating it. So, for example, if the were to receive tasking from someone in the Oval Office, and it had been approved by.....oh lets say the Attorney General...they are required to carry out that task.

NSA -20
DHS – 20
New Agency – 20

Since I have the deciding vote - NEW AGENCY, empowered to do the job. These two behemoths do not know how to collaborate and share vital information to make a timely difference.

Terrible overstep by NSA. No way they should be over this.

Create an independent agency like NASA and merge those 2 and any other cybersecurity efforts

Whoa!!! Wrong Question!

First, I don't want the government looking out for my computer's security. There are plenty of private companies doing that—Norton, Microsoft, Apple, etc. i'll find my own protection on the open market, thank you.

Second, no single government agency should be in charge of cyber security for government systems. Each agency should be responsible for its own systems and they should share information and technology. Good security is built by many different people examining each other's systems for potential flaws. If one agency handles it all, they will make mistakes that they either will not find or will be too embarrassed to admit to. This is one job that should be spread around widely.

I believe we should place all physical security measures under Homeland Security and place all cyber security under the NSA. That would result in placing the FBI and the CIA under HS. ALL Because electronic surveilance is about ensuring our physical security that would fall to the FBI under HS. ALL Communications/electronic security measure would be the responsibility of the NSA. An argument then could be made to place the FCC under the NSA. A by-product of this would be a reduction in the duplication of efforts resulting in the reduction in the number of personnel required, saving millions of dollars in resource costs.

NSA should have control of cybersecurity. The internet and hackers are located across the globe, while Homeland Security jurisdiction ends at the shores of the U.S.. NSA has a global reach; already has the computer infrastructure and personnel to perform the cybersecurity mission. Homeland Security would have to build the infrastructure and higher thousands of employees to perform the mission. Ask Mr. Beckstrom where he received the majority of his information concerning security breeches and identifing the actual hacker(s) and he would say NSA provided the information. Let's establish a national cybersecurity center with NSA as the lead and have Homeland, FBI, CIA, DIA, Commerce, State, DoD and other agencies as representatives. This should solve the rice bowl issue.

Kevin J. Weise : It's a common myth that OSX is more secure than Windows. In fact its security often lags behind windows, the difference is that windows has most of the market share so it is most often attacked.

PS: I own a mac, and develop software.

Most of these posts while well meaning range from sorely misguided to politically or personally paranoid. As a veteran and a current IT professional I will tell you this.The interent is global. Cyber security is then by nature and common sense a national security (NSA) issue. They have the most advanced technology and the most resources & brightest minds available for the job.

As far as oversight, they already answer to Senate & House SELECT committees on intel and terror, as well as the FISA courts and the DOD. You should be MORE concerned about THOSE elected officials. The NSA is an implement of administration policy, guided from the top downward.

Cyberspace is the new frontier, and it is the gateway to anything and everything. Finance, government, national power grid, phone systems, defense, everything is wired to it and it is expanding exponentially.

The world is not a safe place. Safety requires secure frontier borders, and walls of defense. Those walls have to be manned by patriots. Eternal vigilance is part of the cost of freedom. Because freedom is not free at all. If another 9-11 type attack can be stopped because of intel gathered from this arena, who do you want in harms way?

This is warriors work, & you should leave warriors to do it.

Congress must act. Title 10 and Title 50 Authorities are outdated. These autorities/laws need to be modernized to better reflect and represent the need to protect cyber. Only Congress can resolve this important national security issue through legislation.

Let DISA have it.

How about making each department actually make their systems secure internally. Every government entity has its own IT department of some sort so use whats in place instead of centralizing. The director of each department will be responsible for securing their systems. And if they dont then those individuals and anyone else in those groups that left holes in the system are open to criminal negligence charges on the Federal level. Just think, hold the Director of the FBI for the failures of the FBI and level crinimal charges against him, what a novel idea. With the title comes the responsibility.

Pie in the sky, the curent trend is create a new office for this that and the other and throw money at the problem and hope that the Benjamins obscure whats happening...or not happening.

Diffently dont support giving it to the NSA as they have already shown a tendancy for domestic spying without cause or due process.

the DHS is an additional, UNNECESSARY layer of govt that has done NOTHING to improve national security.

the DHS has overspent, squandered and created failure after failure.
(who doesn't laugh at the color-coded threat levels to this day?)

the DHS was a political, knee-jerk reaction by an administration that got caught w/ it's pants down and had to do something to save face.

i wouldn't trust the DHS w/ securing cookies from kindergarteners let alone something as important as cybersecurity.

the NSA was doing a fine job at national security. when you have an idiot president who doesn't listen to them however, that's when the problem starts and a bad rep circulated.

penalizing the NSA by claiming an abuse of power is absurd. the NSA is an organization that performs at the behest of the president.
(see EO13470) the NSA did it's job....and still did it well which, is what most of us would call "competent". competence should be rewarded.

for all the dopes "afraid" of the NSA's power, look again and get a clue. the NSA didn't just suddenly go on a wire tap rampage. it was instructed to do so by an imbecile of a president and WORSE YET ALLOWED to occur by an increasingly conservative supreme court.
the DHS could be manipulated in the same way, if they were capable of achieving results.

currently, any organization that ultimately reports up to the presidency has the capability to be perverted. the failure is not at an agency level but much higher up in the core of the three branches of gov't and their "checks and balances". this all happened via "executive orders" and many other later on Bush-era, presidential power grabs. too much power now lies in the executive branch. (see the last time congress declared war)

you want to fix your privacy, start looking to the supreme court. they're the ones letting it get trampled in the first place.

...and who picks them? congress and the president. and who picks them? the people...so....actually america...are you all REALLY that bent about your privacy or perceived loss thereof?

let the cybersecurity job go to the people who are at least established and have a decent track record, and that's the NSA. the whole "privacy' thing sitting w/ one agency is a moot point.

Assign:
Homeland Defense: Computer Network Defense
National Security Agency (part of DoD): Computer Network Attack

Directly addressing the question: Why do we need the government to provide this security? Can't our economic institutions (excluding the govt "watchdogs") buy security consulting from the commercial businesses that specialize in it? If security is needed, let those whose business depends on it, buy what they need. It's called the "cost of doing business." Does NSA or Homeland Security need to control electricity to keep us safe? Do they patrol neighborhoods to keep us safe? Do they drive us to work so we won't have accidents?

No. Government should be limited to what must be done and can't be done by any other entity and only to the extent that they are effective.

Obama has hired such a bunch of political hacks to run government departments and programs that no one knows who is on first, or which is running what. They all want power and they all want their names in the headlines, but they don't know what they are doing. Janet Nepalitano, while a good governor of Arizona, is not equipped to effectively run Homeland Security, so leaving something as important as Cyber Security under her would definitely be a mistake.

Cyber security is perhaps the single most serious problem this country faces today. The NSA is probably the right place to house it, but the liberals have given the NSA such a bad name by whining about necessary domestic surveillance, that it is tainted. The Big "O" needs to make a decision, one that is not politically motivated, and get the show on the road.

Having worked as a technician and a manager in the "business" for 40-odd years, about 20 of which were at NSA, I feel strongly that at the worker level NSA is more that able to handle cybersecurity for the nation. At the management level it's another story. Beginning in about 1990 NSA managers seem to be more concerned with CYA, protecting turf and career advancement than with getting the work accomplished.
God bless America!

The Achilles heel of US law enforcement is its inability and/or unwillingness to share and coordinate at all levels in an effective manner. Like Medieval fiefdoms, they each watch a part of the big picture but no one sees the big picture.

We really have to stop pointing at the other guy and saying, "Hey, your end of the boat is sinking."

The United States government had the information they needed to stop 9/11. Because of a lack of interagency cooperation, nothing was done about it. Afterward, the politicians had all the steam they needed to take away liberty and personal privacy in the name of security. I think a centralized security agency would preserve liberty and security without having to give one of them precedent.

Of course, that means coming face to face with redundancy in today's market. That's a tough call.

People are forgetting THIS IS ONE COUNTRY

all these little teams of branches are fighting like highschool football teams. Little kids with big important titles and nice suits.

Neither the NSA or HLS should be handling cybersecurity...

we need an entirely New branch with the best and brightest from the IT industry and we need absolute transparency as far as privacy goes.

We need to protect against hackers getting into our nation's infastructure, not looking over the shoulder of home pc users for naughty keywords.

I find it mind boggling that we would give it to ANY current branch of the government. Those of us involved in cybersecurity know that it is a large enough demon to warrant it's own branch of the government. Thats right, THE DEPARTMENT OF CYBERSECURITY.

Our gov't needs to be able to have an organization/branch where everyone can start on the cybersecurity page. We also need a branch of folks who specialize in cybersecurity, no DoHS or the NSA...but

THE DEPARTMENT OF CYBERSECURITY
THE DEPARTMENT OF CYBERSECURITY
THE DEPARTMENT OF CYBERSECURITY
THE DEPARTMENT OF CYBERSECURITY
THE DEPARTMENT OF CYBERSECURITY

I think we should just get rid of computers. That's the ticket!

this post is stupid, because, clearly no one knows anything about either agency or how they operate. we vote, so others can make these decisions for us. the government has the american people's best interest ahead of anything else.

The Dept of Homeland Security should be disbanded. It was nothing more than an emotional reaction to the events of Sept 11, 2001 and a waste of taxpayer funding not to mention how it has trampled on the rights of law abiding citizens.

This basically means, who can we trust to wiretap us. None of them. Leave the internet alone and make people secure their own computers, if they get worms and trojans then so be it. I don't like the idea of these organizations watching over us. Who made them God?

The US Air Force is currently standing up a Cyberspace Command to deal with these specific types of threats. I have seen much talk of the cold war. The military is the agency that has to deal with the realities of a war in the most graphic sense. The military as a whole fights battle, fixes things, protects our borders from foreign militaries, and works extremely well together. It would only make sense to allow the DoD to execute this mission. Combined with NSA oversight, such as in the cryptographic security programs, the military could effectively defend our nation in cyberspace as well. Who do you trust more? The cloak and dagger types, the politician types(DHS), or the United States Armed Forces. Who has always defended this country against all enemies, foreign and domestic. They already defend land, sea, air, space, and cyberspace. Just give them the power to do so on a larger scale outside the US and this country will be a safer place.

Hmmm, give the NSA control over cyber security on top of wiretapping americans phones, & there extreme secrecy. If the lawmakers are stupid enought to fall for this ploy (which I whole heartedly think they are) then they might as well change the NSA's name at the same time to the "SS".

Each agency should be responisble enough to handle their agencies own cyber security. Having one agency do the job for all agiencies, just means more information will be avaiable for the taking should their be a failure in the system. And then do you really expect the NSA to own up to a failure if they are so "secretive"

Anything dealing with foreign nationals and their surveillance should be left to NSA and issues related to US Citizens should be handled by DHS.

The NSA is an organization the cannot be trusted with personal privacy. They are in the business of security NOT freedom. They can't be trusted unless visible and verifiable safeguards are in place to ensure personal privacy.

Not that the Department of Homeland Security is super at what it does, but the NSA cannot be trusted after what they've done not to use the technology to spy on it's own citizens. Funny, I never realized I didn't trust my own government. Wow.

In addition to my earlier comment, any cyber crimes commited inside the US would be reported to the appropriate agencies. The military is very rarely cleared to enforce laws in the US. This should remain. Informing the FBI of crimes would ensure enforcement after the DoD detected the infraction.

How about let Obama decide. He seems to have an answer for everything else, apparently. Isn't that why so many people voted for him? They must have absolute and unquestionable faith in his decision making process, not that it has done any good for us yet.
My opinion is that it should be handled by an completely different agency that has yet to be created. We need an agency to handle all technological issues whether it relate to cyber crime, computer security, and even maintaining the electronic data created by our government that is supposed to be archived (and apparently wasn't during the last eight years).
If Obama would create such an agency then they should handle all cyber issues.

For those of us that work within the US gov't we know that cybersecurity put into the hands of DHS is like asking Marion Barry to solve the crack problem in DC.

Having worked for the US Government dealing with computer security and having close contacts with the NSA , I do NOT trust them. My position required information from the NSA and getting it was nearly impossible even though I had the necessary clearance and need to know.

Let the NSA defend the Government and Military and the DHS defend the private sector.

I don't trust the FBI at all.

The NSA and Langley should run the program–Now, those are the guys I trust.

The FBI is stupid when it comes to these things and talks a lot of smack when they need to recognize game.

Having worked with NSA during Viet Nam, I would rather have them working on cyber securtiy than a bunch of TSA baggage clerks investigate cyber security issues.

Cyber attacks are the next likely avenue for any terrorist interested in a high yield low cost (low risk) attack. The idea that one agency thinks it can handle this alone is... amusing.

Why? Because we'll only have one group to blame when it happens.

Not if... when.

The only reason nothing has happened is because those capable (FYI – cyber intrusions are already occuring at dangerous levels) of inflicting the damage have chosen not to.

Just a matter of time. Consolidating power is opposite of how technology behaves... that should be your true red flag.

Politics over reality. That's your real story.

As a CISO with a Fortune 500, I really don't care who gets to own it so long as they can improve the "F" Grade the federal government received on information security. My guess is a good team of ethical hackers could take them apart fairly quickly and not all of what's required to secure cyber initiatives are rocket science. If the NSA can do it better than DHS, go for it. I've been unimpressed with anything I've seen come from the Feds on Infosec and my peers feel the same as I do.

Pat Lefemine

Who was in charge before they created Department ofHomeland Security? National Security Agency that's who Talk about to much control, look at the agencies under Homeland Security

Transparency in national security? Would you make it more transparent to Al Qaeda, Hamas, Hezbollah, who?

DHS may lack some transparency, but NSA is a black box which is totally resistant to oversight. NSA may have more technical skill, but if there's one thing we've learned in the last 8 years, it's that:

We need to use agencies that are ACCOUNTABLE whenever possible.

That would not be the NSA - even their budget is secret and known to only a few lawmakers!

Terrorized by worms trojans, clickjackers, viruses, spammers.
US government knows, but the current state of confusion is convenient

Collect all data, no matter how, is a goal, to total government control
If US law forbids, then Britain, Canada Mexico ... can collect for US

Microsoft certified software - is that reassurance ?
Poision Apple, Linux ? NSA needs to produce a safe operating system !

I have to agree with Chris who said:

"This post is stupid, because, clearly no one knows anything about either agency or how they operate. We vote, so others can make these decisions for us. The government has the american people’s best interest ahead of anything else."

We can only hope you are right Chris. Most of the people that post and comment haven't got a clue what the question is let alone the answer to the question.

NSA needs to have control of this area. Homeland does not have the breadth and depth of experience necessary to control, implement and manage cyber security for the nation against all threats foreign and domestic. Were there to be a splitting of the program into foreign and domestic cyber security areas, then I would advocate for domestic to be handled by the FBI while foreign would still be the purview of NSA. Homeland could serve as a point of confluence or facilitator/overseer to ensure all departments were all on the same page. It is critical to have all departments in the same loop so that adjustments to our nation's security posture can occur expeditiously when warranted.

Then again Chris ... We could go out and hire a guy that used to run a horse farm to run FEMA, or in this case Internet Security. That, as you recall, is what Bush did and what a terrific job he did at FEMA. BUT, boy, was he a loyal Bush fan.

The questions I ponder about this article; why do both agencies still exist? Shouldn't the NSA be reporting to the DHS or visa-versa? Since both have the responsibility to protect us, this to me is just another example of wasteful overlap of bureaucracy. Secondly, shouldn’t the top dogs of these agencies have a higher level of maturity? Sounds to me like the dude who quit his job because he feels a little competition is a big cry baby. In the real world, top dogs deal with these types of issues all day long. I say, "good riddance". Let’s get someone in there who knows how to deal with being a top dog. Hopefully its someone who is out of diapers.

the idea that the gov has our best interests at heart is ridiculous. the concerns over the NSA taking on cybercrime are due to the fact that they have made egregious (although white house sanctioned) violations of the civil rights of american citizens. Warrantless wiretapping is most of what we have heard about, and therefore is probably only a small indication of how much they have intruded into the lives of US citizens. The rational here being that the ends justify the means when it comes to protecting the homeland. But the ends can always be argued to justify the means.

its a fact that no matter how much a gov organization infringes on the rights of americans, we will still be vulnerable to a terrorist attack. We can never be totally safe. This is the cost of living free. These points are even more true in the ethereal world of the internet. Our country is founded on the principle of "give me liberty or give me death", not 'give me liberty unless something scary happens.'

if we're not brave enough to risk our safety for our liberty, privacy, and freedom we might as well pack up and go home.

Wow, I was impressed with Don's comments. He definitely has a better grasp of the issue than most of the public, including myself.

I just wish to second his comments.

The department of Homeland Security, for sure. The NSA is resistant to oversight, and there's zero transparency most of the time. Homeland Security is far better from an ideological standpoint. Plus there are fewer misanthropic nuts in the Dept. of Homeland Security.

The seperate operations need to be united. Under a Sec. of Tech Then a new group of tech "alpha geeks" need to work within the American controlled networks to identify and eliminate threats. Basic control of routers, for the purpose of identifying botnet computers and the transmission of viruses, should be given to this group.

This is a defense Issue. It should remain under the defense department. The air force, and navy already conduct cyber security operations. why should this be moved to the public sector? The last thing we need is burecrats making decisions in a time of war. we need to keep the intelligence within the defense agencies I'm tired of this tug-of-war over information it is exactly what caused 9/11.

We need a priest superhero, who will newer reveal your secrets
Final judged are you - Just secure messaged the Grim Reaper in Hell ?

The NSA is best equipped to handle the cyber-security issue at this time. Everyone thinks big brother will just come in and take over but I find that less likely. We need cyberspace to be protected under a single entity. We need to take a hard look at who can best accomplish the goal and the NSA is clearly ready. Any over site, or protocols agreed upon are much better when a single agency is tasked with the job. Right now there are three or four, lets not forget the CIA which all have their hands in it somewhere. Everyone has different rules, and focus on what they are doing. We need to align to programs and goals. Even if we keep them split between two or even three agencies if they all play by the same ground rules and have methods of communication between them we can actually make a difference.

To the DHS, FBI, CIA, NSA, and American cowards who support the (SO CALLED) USA PATRIOT ACT (ILLEGAL!), before you get carried away:

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

What is the point of all this surveillance if we do not have liberty? What are our brave fighting men and women dying for? I don't care how many times we are attacked; only COWARDS support marginalized civil liberties for the sake of pseudo safety and a BIG BROTHER police state. How dare you raise your children to be cowards in the home of the brave!

I have worked at both NSA and DHS. While at NSA, I was taking a class on how to mine for information from a database. I was instructed to put in a couple of key words and to review the results. About a week later, my boss called me into his office – I was asked to explain why I was searching on these key words – as I was not an analyst for that 'area'. You may believe all what you want about the press but I worked there. People do NOT just go around prying into other peoples privacy. Do the math, there just isn't enough analysts in the US to do what many of you believe is possible. No way.

While at DHS I worked at the Operations Center as a contractor. I had three different computer accounts. I had to go work at another agency for a different contract and approximately 8 months later I was asked to go back to DHS. I am also a computer security professional. After 8 months, my accounts should have been disabled. However, when I came back I tried a little 'experiment'. I logged in using my prior credentials. I had approximately unread 18,000 emails spread out in my three accounts.

DHS does NOT have clue on how to manage computer security. NSA does. DHS has been around for a few years as was the result of many agencies throwing out their trash workers. NSA is an incredibly profession organization that hires the brightest and best minds in America. If you want computer security, stick with a proven winner. NSA knows how to secure computers, DHS knows how to waste money....

What difference will it make? Either way, any large bureaucratic agency would be unable to keep up with the pace of technology change the way small groups of cyberterrorists could.

Secondly, the American people will be unhappy regardless. If the agency charged with protecting us reads a suspect's email and prevents hundreds or thousands from being killed people will complain they weren't authorized to read the email.

If innocents die because the agency didn't see an attack coming those same people will complain that they should have known and "connected the dots."

Both have already happened.

The U.S. takes the approach that the internet is "American". It's not, it's a global entity, and only a global response to anything about it would work!

We're talking about trusting the Government here... Think about that. The framers of our Constitution were very clear on the issue of "trust" when it comes to goverment. The Constitution was written the way it was to limit the governments power to oppress it's own people (potentially or directly), that's the purpose behind checks and balances in our system of government. From what I can see, centralizing anything (or any program) to one government agency is a very VERY dangerous thing. Especially one like the super-secretive NSA, which already monitors us without need of warrants. Supporters of this kind of thing are leading the people down a very dark path and should consider history (ours and other nations) when supporting things like this. It's understandable the need to monitor what's said/done on the internet, because we as a nation have to defend ourselves. That is the "true role" of government... to protect it's people. To sum it up, this needs to be done by multiple agencies, at a minimum 2. Both watching us, and each other... while at the same time, working together to ensure the primary goal of providing security. It makes for bigger government (sigh...), but protection of freedom is of utmost importance even when the nation as a whole is under attack (we are almost daily whether it makes the news or not). Regardless of what happens, when we (willingly or unwillingly) give up our Constitutional Freedoms, we are setting the course for the eventual demise of our great nation. It's hard to tell, but the damage may already have been done.

Most of the people in this discussion have no idea what they are talking about. All the people saying that the privacy will be or has been violated get real. The only phones that got or get monitored were those known to have or believed to have ties to terrorist end of story. They weren't listening to you talk about your sex life or how much you hate your boss. We don't have that kind of manpower to listen to every call. The same goes with cybersecurity we don't care that you are looking at porn or chatting up someone in a chat room the things they are worried about are threats to government systems that hold potential national security info. They only care about attacks on government systems end of story. Here is an idea if you don't want to pop up on the NSA's radar don't try to hack NASA to see if aliens are real. The only people that will get any adverse effects will be those that try to hack into government systems. The NSA or DoHS care about our great nations security and keeping classified stuff out of our enemy's (foreign and domestic) hands end of story. Stop watching spy movies if they are going to make you paranoid. GET A LIFE.

"How NSA access was built into Windows"
http://www.heise.de/tp/r4/artikel/5/5263/1.html
Every keystroke you make, every link you click, we will be watching you

Visibly, In times of emergency, or war,
The government controls all communications from a central point
In times of calm and peace, just monitors and traces everything

This is a complex issue with at least two important aspects –1) technical expertise and 2) action whether in or outside the court.

1) NSA is by far the preeminent technical powerhouse in cyber security. The Fort Meade folks have been doing it for dcades and are the Big Leagues. Homeland Security is the new kid on the block technically and cannot compete.

2) From the all-up-front in court point of view, NSA probably has some shortcomings. DHS is probably as pure as Caesar's wife, but maybe not real effective.

Bottomline–why not share the load? Let NSA do the technical research and hand off ANY active measures, legal or techncal to DHS for action.

The NSA "is responsible for the collection and analysis of foreign communications and foreign signals intelligence, which involves a significant amount of cryptanalysis" (quoted from Wikipedia). This also includes any communication between the U.S. and any foreign country.

By this definition, the NSA does not have the authority nor the necessary tools to effectively handle cybersecurity with regards to the average american user of the computer and internet.

On the other hand, the bozos at Homeland Security installed a homogenous computing system (a company in Redmond, Washington who's best ideas are to copy other's innovations) and pretend the they are not hacked or are bombarded with all kinds of malware and virus.

OK, the true is neither organization is equipped to handle cybersecurity because it is a global issue and requires up-to-date, dedicated, cybersecurity experts who need the ability to work with U.S. and foreign agencies to quickly and effectively neutralize, capture and prosecute cyber criminals and organizations (including foreign governments).

There also in to be continuous information and updates directly to our lawmakers, so they don't try to create outdated and /or stupid unenforceable laws (like the ignorant politicians from Texas who think it is a good idea to require every American household (and business) that uses a wireless or DHCP router [that pretty much everyone who has a network] to track every computer, device and person using it for 2 years) .

You also need to make it as transparent as possible to the end user who needs it to be easy to use, safe for children (yes Utah, parenting is a lost art), and has the security to protect identity and fiances.

Let's see... We need a group of cybersecurity experts with equal authority to just about every law enforcement agency in the world, has worldwide prosecutorial abilities, who teach lawmakers to make informed and foresightful legislation as well as work with software and hardware vendors to provide the end user the tools needed.

What am I missing? Are the Watchmen available?

Cybersecurity is a component of ensuring several aspects. Defense, Business, and Law.

Defense: As it is the USAF is in charge, as it has been, to secure all terrestrial and space based cyberlogistical systems and infrastructure. The NSA does an AMAZING job at what they do, but they are NOT a front line public service or branch of the Justice Department. USAF should harden us against military scale attacks and work with FBI Cyber crimes to prosecute LAWs against criminal actions.

Law: Well the FBI Cybercrimes unit could sure use the cashola that would be the result of this. Homeland Security is one of the shabbiest operations I have ever had the displeasure to tour. They are ill equipped to handle the threat of Drugs, Chem, Bio or Nuke attacks at our shores and borders as it is. FBI is a component of the Justice Department and answers to the people of the United States. I vote THEY become the MAIN focal point for domestic cybersecurity.

Business: The more shadow agencies start to mask their operations due to "National Security" the sooner it will be the black vans start sweeping up housewives for complaining about Senators and the price of meat at the super market. The last thing we need is a bunch of gun toting, power drunk, super nerds calling everyone CYBER TERRORISTS who dissed them in high school.

In conclusion: NSA has a job already and so does Homeland Security – they should stick to them! The FBI and the USAF have a VERY clear cut picture of what is needed and are meeting these needs already. Checks and balances people – checks and balances.

Ben Franklin said, "The instant you are willing to sacrifice LIBERTY for SECURITY .... YOU HAVE LOST BOTH!"

The NSA is just a bunch of cronies who are buddies with Bush and Cheney. They should have much less power than more. We all know how this bunch of phantoms in the NSA operate. They think they are above the law, and they will do anything illegal or underhanded to achieve their clandestine objectives. No, we do NOT need the NSA to have more power. Actually they should be cleansed of the far right Bush buddies. Cybersecurity should be a separate operation reporting only to the joint chiefs of staff and the prez. So the bosses at homeland and the fbi can't interfere, which they will.

I PERSONALLY DON'T WANT ANYMORE GOVERNMENT INTRUSION IN MY LIFE. ESPECIALLY THE NSA OR THE HOMELAND SECURITY PEOPLE. I BELIEVE WE HAVE MANY INDEPENDENT PRIVATELY OWNED FIRMS THAT COULD HANDLE THIS ISSUE WITHOUT IMPOSING THEMSELVES ON MY PRIVACY. NOBODY, IN MY OPINION, HAS A RIGHT TO SNOOP INTO MY LIFE AND MAKE DECISIONS BASED ON WHAT I DO ON MY COMPUTER, IN MY HOME. THESE GOVERNMENT AGENCIES ARE TRYING TO CONTROL EVERY ASPECT OF OUR LIVES. I BELIEVE IT IS A VERY BAD IDEA TO GIVE THEM THIS KIND OF ACCESS. YES, KEEP AN EYE ON THE KNOWN HACKERS AND THOSE WHO MALICIOUSLY PUT VIRUS' OUT THERE ON THE WEB, BUT DON'T MONITOR MY DAILY ACTIVITIES. IN OTHER, CATCH THE CRIMINALS NOT THE INNOCENT.

There is a common misconception that cybersecurity is costly and invasive. The cost of world class cybersecurity for a Federal agency is much less than the cost of one serious compromise. Cybersecurity is actually an enabler of collaberation.

I retired as the Information Technology Manager for a large federal installation and have numerous certifications, including some from NSA, in cybersecurity. The National Institute for Standards and Technology (NIST) has provided policy for the protection of sensitive but unclassified information for all Agencies, with leeway for each Agency to tailor its security policy according to its needs.

There are four fundamental problems. First, employees view the computer as personal property even though it has a tag identifying it as the property of the agency (or government contractor). Second, managers don't take security seriously, which leads to underfunding and noncompliance. Third, violators of policies that result in compromises are are rarely punished. Fourth, Inspector Generals at the various agencies have not adequately trained their personel in how to conduct audits and generally have too few personnel to investigate cybercrimes.

One solution to the funding problem is the dreaded earmark. Each Agency should be required to spend a percentage of its budget on cybersecurity, to include as a minimum virus and spyware protection: intrusion detection' firewalls; automated security updates; encryption technology; vulnerability/penetration testing; and the preparation and maintenace of strong security and disaster recovery plans for its computer systems. Cybersecurity for each Agency should also be exempted from automatic across-the-board Agency budget cuts.

The remaining problems are basically enforcement issues. I believe that the most economical solution would be to enlarge the staff of each Agency's Inspector General (IG), provide the staff with adequate training and give the IG the authority to enforce policies and institute adverse actions against flagrant violators.

Using Mac computers doesn't solve many problems, since most Macs now run a version of UNIX and also emulate the Windows environment to support common office applications, leaving them vulnerable to both UNIX and Windows vulnerabilities, unless the computer is properly maintained.

The U.S. is already behind the power curve as far as cybersecurity is concerned, Russia and China have already launched cyber attacks the U.S. and other countries. This is no time to be trying to teach Homeland Security what needs to be done to prevent it when NSA has the expertise, and has had for decades, to protect us. I'm not worried about NSA, or anyone else for that matter, reading my mail. They would probably find it rather boring. Our first priority should be the security of our nation's cyber systems.

The National Security Agency has long been involved with the computer security research community via the agencys Information Assurance program. The NSA has been working on a software-based security mechanism for operating systems called FLASK. This particular security architecture has been implemented in Linux and the hope is that it will ultimately be implemented on other more popular consumer operating systems. I believe the question of whether they should handle cybersecurity is not the correct one; they already are involved. We should be thinking more along the lines of increased oversight by Congress and the Director of National Intelligence.

Since the Office of the Director for National Intelligence already 'owns' the National CounterTerrorism Center (NCTC) and the National CounterProliferation Center (NCPC), it only makes sense to dispense with the Agency infighting between NSA (DoD) & DHS and kick the NCSC up a notch, placing it under the ODNI.

I don't get it.

I thought the Department of Homeland Security was SUPPOSED to be the clearing house for all security related information. DHS was created because we ALREADY had little fiefdoms that wouldn't share their respective informations nicely with other agencies. The result of this debacle lead up to 9/11.

It is true that the NSA has their own set of secrets that they keep (and SHOULD keep, such as crypto code development and breaking), but IMHO the rules have already been written. To take away key responsibilities from DHS is setting the clock backwards and should not be allowed. Otherwise we will have 9/11: The Sequel.

There is a disconnect between the government and the governed
Each wants to spy on the other, while preserving their privacy

Let the “responsible men” (bankers ?) rule without interference from
“ignorant and meddlesome outsiders” (the voters)

In response to "Someone who knows." No need for paranoia here... it's really not necessary, but caution is... While some of what you say is true... I think we both know (if you truly are in the "know") that this kind of access to our personal lives/information is an open door for those who want to use it. Albeit it’s being gathered for "national security" reasons; it has been used in the past for ulterior motives, completely unrelated to national security by those who have the "access" against those who don’t. These types of situations were created in part because one party was enabled to do what they want, when they wanted, and there was little or no oversight. No checks and balances. In short, don't piss the wrong people off... right? Ever wonder why classified information is compartmentalized? (I’ll give you a hint: it’s to prevent oversight by creating natural barriers to what can be exposed. It’s also to prevent any one party from having access to too much information and putting the pieces of the puzzle together, thereby taking advantage of the information they have access too. It’s a method of control.) Our personal lives and activities are not necessary information for government “spoofs” to have access to without being under the eye of some kind of scrutiny. True, the spoofs aren’t interested in what you do in your personal life, but others are… (Perhaps it really is a good idea to put GPS tracking devices on all of our children after all! That way we’ll always know where they are… Ah… don’t worry about those pesky child molesters out there… there’s not that many, and we know who they all are, and where they are right? Being sarcastic here…) Private information is not essential for national security purposes. But that same information can be very dangerous in the wrong hands if used against you on a personal or professional level thru blackmail or other coercive measures. THUS, the necessity and reason behind "Checks and Balances." This is OUR protection, built into the governmental system. Though not perfect; it’s absolutely necessary because it creates a potential for exposure of abuses within the system. And that’s really the point here… turning the "watcher" into the "watched." When one knows they are being watched, they act differently than when they believe they aren't. Government must always be under the eye of scrutiny. If you are abdicating "no need" for checks and balances, then the natural question would be "Hmm... Why not? And what’s your place in this?" Hard to justify an answer to that one, eh? Especially if you are “in the know.” No one in the world does better Intel collection and analysis than the US Government, it’s something to be very proud of… yet at the same time that power needs to be respected and kept under control. Lest it be used against us (it’s own people). Checks and Balances are one of those forms of control. It would be nice if we really did live in a world where we could all "just get along" and trust each other, but that's just not realistic. Especially when it comes to government. Call it paranoia or whatever you want. I work for government, and have been in situations where I’ve see it from the inside. Corruption still exists, and always will... and there will always be a need to root it out like the cancer that it is. Problem is, it’s not always so “Black and White.” There’s lots of gray… There’s always a way to “justify a need to know something,” it’s all in how it’s done. Yet it cannot be done, if the information is not available to the user. Great quote provided by Matthew from Ben Franklin. It really says it all. “The instant you are willing to sacrifice LIBERTY for SECURITY …. YOU HAVE LOST BOTH!” Never sacrifice LIBERTY… Long live the Constitution!

Oh yeah... forgot... More acronyms... we need more acronyms!!!

"They weren’t listening to you talk about your sex life "
Repressed perverts, or exemplory sexual adjustment and development,
What is the secret ? - NSA, CIA, FBI, not enjoying U$ culture ?
Only watch Chinese, Japanese, Korean, Russian Porn ?
"The CIA is tracking all your porn printouts"
"Yes, your printer is spying on you"
“NSA access was built into Windows”

Actually. the spooks do take security oaths, not to divulge.
But, sometimes, they are not perfect, - forget to shred their memories
Blurt out details, of listening in on Osama's satelluite phone
Monitoring Iran's secret internal communications etc.
There is extra to be made freelancing; John Walker spying for the Soviets

Perhaps, a requirement for the spooks, is not a drug test,
but free drugs, in the form of all you can drink, before leaving work

Cyber Security should be spread over DHS, NSA, and FBI and they should all work together. Each agency has their own strengths and weaknesses and they should work together to bring everything together.

Having all the security under one roof makes sense. There is far too much comeptiton and lack of cooperation between agencies even post 9/11. We might have been able to avoid 9/11 id agancies did a better job of sharing info which they have shown unable to do time and time again.

From your VISA, printer, Googlings, Windows, RFID tires, RFID shoes,
Internet devices, Cell Phone GPS, IRS, Facial recognition cameras
Under the thumb of responsible men, We will be watching and listening to you

To be useful, for extreme accurate profiling; All the data tied together
Restoring confidence in the U$, via the Obama Bailout RFID logo ?

You will be pre-emtively profiled, before boarding a plane; - Sorry Sir, but you match the profile of a person who throws up on the plane's carpet.

cybersecurity shouldn't be done by government at all. At the end of the day all threats come from private industry therefore private industry should be responsible for the quality of software. There is nothing the government can do to prevent malware or poorly written software. And if the NSA starts deciding what information gets out and what doesn't, well you'll only have an even more advanced wiretapping network....

People do not want to be spied upon – want privacy
The government, to catch Osama, needs to scan your hard drive
Every connection, every device, has to be logged and analysed
Sony, to protect it's property, needs to install Digital Rights Management
Microsoft needs to make your screen go black, if you did not pay up
NSA had (has ? ) – trapdoor into windows – printers have secret codes
Add the "criminal" organization trojans, bogans, gargoyles, clickjacks

Lucky, my computer has the occasional CPU cycle to scan the keyboard

Outsource it to India - judging by the level of comments on this blog there is no one left in the US capable of doing this task...

The Comissars, running Commie Gulags, set standards of secracy and security - code words, barbed wire - we need to protect from Osama