Center for American Progress Center for American Progress
Issues National Security Homeland Security

Bush’s Budget Repeats Cybersecurity Mistakes

By Peter Swire | February 4, 2008

The Bush administration wants to place more black boxes on private-sector computer networks. We've already learned a lot about the NSA wiretap program and its Narus STA 6400 splitter — that’s the black box that AT&T whistleblower Mark Klein reported the NSA placed at a major node for voice and Internet communications (inside this secret room).

The president’s budget wants to go much further. It moves beyond telcos and allocates $6 billion for a secretive system that is designed to protect government and private computer systems from attack. According to the Wall Street Journal, the White House proposal “would likely require the government to install sensors on private, company networks.”

This proposal repeats the mistakes of the Federal Intrusion Detection Network, which proposed similar monitoring of private computer systems when it was proposed in 1999. That aspect of FIDNet was quickly withdrawn, for at least three good reasons:

1. Private companies are understandably reluctant to permit the government to attach unknown hardware or software to their corporate systems. The risks of security breach and operational problems are too high, especially given the long history of computer security failures by the federal agencies themselves.

2. Direct federal intervention in private computer systems raises innumerable legal and policy issues about privacy, the Fourth Amendment, and the scope of government surveillance.

3. The new proposal ignores the sensible principles for cybersecurity that were adopted in the wake of the FIDNet fiasco and built into the Federal Computer Incident Response Center. Quite simply, the federal government should adopt best security practices that apply to private systems.

Under this approach, the federal government should adopt state-of-the-art intrusion detection software and other measures for its own systems to combat intrusions into federal systems. The federal government should not, however, try to install its equipment into private systems.

To speak with our experts on this topic, please contact:

For print and radio, John Neurohr, Deputy Press Secretary
202.481.8182 or jneurohr@americanprogress.org

For TV, Sean Gibbons, Director of Media Strategy
202.682.1611 or sgibbons@americanprogress.org

For web, Erin Lindsay, Online Marketing Manager
202.741.6397 or elindsay@americanprogress.org

Subscribe to RSS Feeds

RSS IconSite-Wide and Issue-Specific RSS Feeds

Related Articles

Interactive Map: The 101 Most Dangerous Chemical Facilities

Chemical Security 101, by Paul Orum, Reece Rushing

The Right Way to Remember 9/11, by P.J. Crowley, Michael Signer

How the Next President Can Improve Homeland Security, by P.J. Crowley

No, You Can't Search My Laptop, by Peter Swire

Also by Peter Swire

The FTC @ 100 and the Future of Consumer Protection, October 30, 2008

No, You Can't Search My Laptop, June 25, 2008

Protecting Personal Information: Is the Federal Government Doing Enough?, June 18, 2008