DHS-NSA Turf War Behind Official's Resignation

Rod Beckstrom Complains of NSA's Influence Over DHS Cybersecurity Role. Rod Beckstrom cited the lack of appropriate funding and the growing cybersecurity role of the National Security Agency, the super-spy agency administered by the Defense Department, as reasons behind his resignation as director of the Department of Homeland Security's National Cybersecurity Center (NCSC) effective Friday.

In the job just a year, Beckstrom complained that the Bush administration failed to adequately fund the center that he says fulfills DHS's responsibility to protect networks across the civilian, military and intelligence communities. "During the past year," Beckstrom wrote in his resignation letter to DHS Secretary Janet Napolitano, "the NCSC received only five weeks of funding, due to various roadblocks engineered within the department and the Office of Management and Budget."

Beckstrom also complained of the growing influence of the NSA, which effectively controls DHS cyber efforts through NSA employees assigned to the NCSC, as well as the proposed move of DHS's National Protection and Programs and NCSC to a Fort Meade, Md., NSA facility. "This is bad strategy on multiple grounds," he wrote. "The intelligence culture is very different than network operations or security culture. In addition, the threats to our democratic processes are significant if all top level government network security and monitoring are handled by any one organization, either directly or indirectly."

A DHS statement e-mailed to news agencies read: "We thank Rod for his service, and regret his departure."

Before joining DHS last March, Beckstrom was best known as the author of "The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations," which details an organizational theory for considering all organizations as existing on a continuum between centralized to decentralized, with different implications and strategies for each firm company on their position on that axis. A former Fulbright scholar, Beckstrom founded several high-tech companies.

GAO Faults Bureau on Failure to Test 2010 Census Systems

How secure are key IT systems to support next year's decennial census, and how well will they protect citizens' privacy? No one can say for sure.

That's because critical testing remains to be performed by the Census Bureau before its systems will be ready to support the 2010 census, according to a report issued late last week from the Government Accountability Office, the investigative arm of Congress.

GAO blames a lack of leadership from ranking Census Bureau officials for the failure to adequate test the systems. "Without adequate oversight and more comprehensive guidance, the bureau cannot ensure that it is thoroughly testing its systems and properly prioritizing testing activities before the 2010 Decennial Census, posing the risk that these systems may not perform as planned," David Powner, director of IT management issues at the GAO, said in prepared testimony delivered last week to the Senate Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security.

Leadership is a problem at the moment. President Obama has yet to nominate a new director of the Census Bureau, which is part of the Commerce Department. Obama's first two choices to head Commerce have withdrawn, and his third choice former Washington Gov. Gary Locke is awaiting Senate confirmation.

It's a predicament recognized by subcommittee chairman Sen. Tom Carper, the Delaware Democrat who chaired the hearing and noted that he called on Obama last month to nominate a new director as soon as possible. "We're at a critical juncture," Carper said. "I don't think it is overstating things to say that the 2010 census is approaching a state of emergency."

Carper also noted the lack of testing of key IT systems, saying: "With such a substantial reliance on new technology, a robust testing strategy is necessary to identify and correct any problems that may arise."

Powner, in his testimony, provided an example to illustrate the problem:

"Bureau reports do not provide comprehensive status information on progress in testing key systems and interfaces, and assessments of the overall status of testing for key operations are not based on quantitative metrics. Further, although the bureau has issued general testing guidance, it is neither mandatory nor specific enough to ensure consistency in conducting system testing."

To conduct next year's census, the government is relying on new IT and enhancements to existing systems. A year ago, GAO deemed the 2010 census a high-risk area, specifically mentioning the weakness of the Census Bureau's management of its IT systems and operations.

Not only have some system integration tests have yet to be performed, the GAO director said the bureau lacks a master list of interfaces between systems and has not developed testing plans and schedules.

"Although the bureau had originally planned what it refers to as a dress rehearsal, starting in 2006, to serve as a comprehensive end-to-end test of key operations and systems, significant problems were identified during testing," Powner testified. "As a result, several key operations were removed from the dress rehearsal and did not undergo end-to-end testing. The bureau has neither developed testing plans for these key operations nor has it determined when such plans will be completed."

With the census just 13 months off, GAO recommends the Commerce secretary direct the bureau to complete key system testing activities, develop and maintain plans and schedules for integration testing and improve the oversight of and guidance for systems testing.

In written comments submitted to GAO by Commerce Associate Undersecretary for Management James White, the department said it had no significant disagreements with the GAO recommendations. The department, however, said its focus is on testing new software and systems, not legacy systems and operations used in previous censuses. That troubled Powner.

"The systems in place to conduct these operations have changed substantially and have not yet been fully tested in a census-like environment," he said. "Finalizing test plans and schedules and testing all systems as thoroughly as possible will help to ensure that decennial systems will work as intended."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.