Janet Reno dismisses central cyber-security agency

As part of a recent government-wide scramble to tame the Wild, Wild Web, Senate Governmental Affairs Committee Chairman Fred Thompson (Republican, Tennessee) and Senator Joseph Lieberman (Democrat, Connecticut) announced hearings planned for 2 March on legislation to improve government network security by creating a centralised oversight authority within the Office of Management and Budget (OMB). The OMB works on behalf of the White House to evaluate the effectiveness of federal agencies, and to establish allocation priorities among them. Its oversight tends to be more pragmatic than political. Both Senators have in mind securing military and law-enforcement networks and essential civilian services such as banking, electricity and transportation from organised threats lurking abroad. "If we know some entity, some group, has got the ability to massively disrupt us, that's ample blackmail material. And I think that's the kind of threat we're going to be facing across the board -- whether it's cyber-terrorism or nuclear or biological -- from these smaller entities," Thompson said. Lieberman agreed. "I'm not going to be a doomsday prophet, but there have been tactical intrusions into our government systems.... We've been working hard to raise our defenses, and so far we've been successful -- and, I suppose you'd say, lucky," he said. "But let's face it, it's only a matter of time, and when it comes it will be a major problem," he added. Most heretical, Lieberman suggested that the FBI's National Infrastructure Protection Center (NIPC) could be made an independent agency focused exclusively on network security, rather than investigating cyber-crime and acts of terrorism. While we can't predict all that Thompson and Lieberman will put on the table later this week, one possible consequence of such a move would be to remove the NIPC from obligation to act at the FBI's pleasure. And regardless of whether that's a fair reading or not, the whole scheme smacks decidedly of placing civilian authority above military and federal law-enforcement authority, much to the horror of numerous vested interests in the Federal Bureaucracy. US Attorney General Janet Reno was particularly appalled by the Senators' proposal. "[Security] is not just a matter of centralizing a particular function in a particular office, it is a matter of developing technology to protect the technology," Reno commented during her press availability session last week. "We need the equipment, we need the expertise. We need cooperation from foreign governments to be able to trace these attacks. We need to cooperate with foreign governments to protect their infrastructure. We've got to design a system that....is secure, Reno said." At first glance Reno's statement might be mistaken for a wise admonition against rigid supervision and other elements of Big Government. But to read it that way, we have to answer the question of when, if ever, the Reno Department of Justice (DoJ) has acted to reduce government intrusions into the private lives of citizens. What Reno is responding to so strongly here is the horrifying thought that the FBI, and in some circumstances even the DoJ, might have to answer to ordinary non-combatants at OMB in matters of cyber-security. Furthermore, the cushy little partnership of mutual affection between the DoJ and the White House might find itself strained by a dour, skeptical chaperone. OMB oversight might also put a crimp in Reno's mission to limit the technical standards of communications devices to those the FBI knows how to bug. It will certainly subject both the DoJ and FBI to the nuisance of annual audits by OMB, any one of which would have the potential to unearth embarrassing factual data on the Justice Department's relative competency in this area of law enforcement. Both Reno and FBI Director Louis Freeh remain strongly attached to working in cyber-crime, in spite of a dismal record of prosecutions, and a humiliating backlog of evidence yet to be examined. This irrational attachment to an area where the DoJ is clearly outclassed most likely reveals a growing sense of insecurity that the Internet might develop into something that the DoJ and FBI can't patrol at all, instead of what it is now: something that they can't patrol very well. And certainly those annual OMB audits have got to be a worry. It's not hard to imagine that the DoJ's paltry number of prosecutions, taken in context of the vast quantities of taxpayer money the Department has spent to get them, might lead the OMB to conclude that there is little rational justification for the DoJ's continuing presence on the cyber-crime battlefield. ®