By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, March 19, 2008 8:21 PM
The Bush administration is planning to tap a Silicon Valley entrepreneur to head a new inter-agency group charged with coordinating the federal government's efforts to protect its computer networks from organized cyber attacks.
Sources in the government contracting community said the White House is expected to announce as early as Thursday the selection of Rod A. Beckstrom as a top-level adviser based in the Department of Homeland Security. Beckstrom is an author and entrepreneur best known for starting Twiki.net, a company that provides collaboration software for businesses.
The new inter-agency group, which will coordinate information sharing about cyber attacks aimed at government networks, is being created as part of a government-wide "cyber initiative" spelled out in a national security directive signed in January by President Bush, according to the sources, who asked to remain anonymous because they did not have permission to talk publicly about the information.
The presidential directive expanded the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems. According to the sources, the center will be charged with gathering cyber attack and vulnerability information from a wide range of federal agencies, including the FBI, the National Security Agency and the Defense Department. Beckstrom will report directly to Homeland Security Secretary Michael Chertoff.
Reached via phone Wednesday evening, Beckstrom declined to provide any specifics about his new position, saying only, "I'm thrilled to be on the DHS team, and I am looking forward to doing my best to serve the country."
The White House and the Department of Homeland Security declined to comment.
Beckstrom's appointment comes at a time when the government has acknowledged that its information systems have been the target of repeated cyber attacks originating in other counties. The attacks have lead to compromises and several large data breaches at federal agencies and contractors.
Sources with knowledge of the selection process said Beckstrom's candidacy was backed chiefly by top brass at the Defense Department and the National Security agency.
But Beckstrom's appointment raises a number of questions. James Lewis, director of technology and public policy for the Center for Strategic and International Studies, noted that DHS only recently appointed Greg Garcia, former head of the Information Technology Association of America, to be assistant secretary for cyber-security and telecommunications, a position fought for and won through tireless lobbying from lawmakers on Capitol Hill who believed DHS wasn't placing a strong enough emphasis on cyber.
Garcia in turn answers to Robert D. Jamison, who serves as Under Secretary for National Protection and Programs Directorate. When asked last week at a press briefing about a simulated cyber attack against the United States who would lead the government's response in the event of a sustained cyber attack on the federal government, Jamison said that duty would fall to him.
"Here you have a group that's allegedly in charge of cyber for DHS, and then we see another group being set up outside that in a structurally new way," said Lewis, whose employer is spearheading a group of industry and government cyber experts called the "Commission on Cyber Security for the 44th Presidency," which is expected to present the next president with a series of actionable recommendations he or she can take to tackle some of most pressing cyber security problems facing the government, industry and consumers. "We still don't know what [Beckstrom's] relationship will be to all of the other bits of cyber bureaucracy lying around."
Roger Cressey, a former Bush administration official and president of Good Harbor Consulting, said the creation of a new coordinating group on cyber-security "reflects a concern that government networks have been compromised at an unprecedented level."
"The very fact that the president signed a cyber-security presidential directive in the last year of his administration reflects that the current approach the government is taking is not working," Cressey said.
By all accounts, Beckstrom is neither a cyber-security expert nor a Washington insider. But his private-sector background and published writings emphasize a decentralized approach to managing large organizations.
In "The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations," a book Beckstrom co-authored with Ori Brafman in 2006, the authors use the two creatures to illustrate their argument that decentralized organizations -- whether in the marketplace or the battlefield -- are more nimble, creative and resilient than those that operate in a rigid, top-down fashion.
Following this analogy, user-driven, starfish-like organizations distribute decision-making among all members. If parts of the organization are crushed, the whole survives and recovers, just as a starfish regenerates an arm if it is severed. In contrast, the book posits, industry and government are more akin to "spider" organizations that function within a centralized structure, with the leader calling the shots. One solid blow to the head cripples or kills a spider.
"Whether we're looking at a Fortune 500 company, an army, or a community, our natural reaction is ask, 'Who's in charge?'," Beckstrom and Brafman wrote. "The absence of structure, leadership, and formal organization, once considered a weakness, has become a major asset. Seemingly chaotic groups have challenged and defeated established institutions. The rules of the game have changed."
"I think it's a unconventional choice, and that's a good thing," Cressey said of the Beckstrom pick.