Cyber Secrets

By Sebastian Sprenger / July 1, 2009 at 5:00 AM

Defense Secretary Robert Gates' decision to have the National Security Agency chief also lead the new U.S. Cyber Command guarantees the intelligence community a sizeable role in U.S. government cyberspace efforts.

It also means the funding streams for the new command could in large part be classified.

Given the new command's firm footing in the intelligence world, the House Permanent Select Intelligence Committee likely will be an important congressional panel for command officials in the areas of oversight and funding.

The unclassified portion of the panel's fiscal year 2010 intelligence authorization bill, unveiled last month, fits on a handy seven pages. The committee's report on the legislation, while it is 172 pages long, is equally thin on specifics.

"In furtherance of the President's emphasis on protecting government information systems, the bill also makes a sizeable investment in foundational cybersecurity capabilities," the document states.

Some parts of the report, albeit phrased in general terms, reveal lawmakers' concerns in the cybersecurity arena.

The document describes the following "standards" committee members intend to apply in their oversight role:

* "Funding for cybersecurity programs may need to be reduced or slowed until the future direction for cybersecurity is better defined.

* "Any cybersecurity strategy or plans should include clear goals and metrics to enhance program and congressional oversight.

* "There needs to be a clear doctrine for the use of offensive cyber capabilities.

* "Securing government information systems should include efforts beyond building bigger and better firewalls, such as improving the capability to attribute attacks to specific government or private actors.

* "Expansion of cybersecurity authorities and capabilities must include stronger oversight mechanisms to ensure that any monitoring is conducted in a manner consistent with laws and regulations.

* "Securing government information systems will require both a significant increase in the number of cybersecurity experts in government service and a cultural change in the way federal employees approach computer and information security."

An upcoming U.S. Strategic Command implementation plan for U.S. Cyber Command likely will shed some light on the military's approach to these issues.

Unless the document is classified, that is.