Mike McConnell, former director of national intelligence, believes the United States is not moving quickly and effectively enough to secure the nation’s networks.
Speaking at the “Cyber 1.0” conference, McConnell said prior to leaving the federal sector, he advocated for the creating of an “independent specified command” that would be responsible for securing civilian and military networks, advise which he says was ignored.
The U.S. cybersecurity posture currently provides that the military will defend DoD and intelligence networks but that the private sector, in cooperation with DHS, will be responsible for securing the .com sector, which includes financial institutions, energy and telecommunications.
McConnell, currently of Booz Allen Hamilton, advocates for a more active role of the National Security Agency, widely seen as the best in cybersecurity, and DoD. McConnell’s proposal would allow the new military command to provide “technical support” to DHS.
He believes the current laws detailing the functions and roles of the defense and intelligence communities are inadequate. McConnell says the United States needs another Sen. Goldwater figure who could help to institute change to the current laws to reflect the role the intelligence and defense communities should play in cybersecurity.
However, McConnell is not convinced this will happen anytime soon.
“What I would predict is we’re going to debate this until we have a catastrophic event,” he said.
McConnell also revealed more information about his relationship with then-President George W. Bush. He said a meeting with Bush and other administration officials led to $17.3 billion being put toward cybersecurity.
During the meeting, McConnell was initially making the case for a cyber attack relating to the war in Iraq. After several minutes of discussion, Bush approved the request and McConnell used the extra time to discuss possibly expanding cybersecurity expenditure.
“I sat there for maybe 10, 12 second and I said to myself,’ self, if you don’t do this, you will regret it for the rest of your life.’”
Bush granted McConnell permission to take one month to develop a proposal. Eventually, $18 billion was requested in funding and $17.3 billion was approved.
“I wish I’d been smart enough to ask for 40 billion,” McConnell said.
The money has been used to secure the military and government domains but has not been used to enhance security in the private sector.
“[The money] has enhanced .mil and starts down a path to protect .gov. It does nothing, zero, for .com, which is 98 percent of the problem,” McConnell said.