Still no cybersecurity plan from administration

The Obama Administration has not yet developed a proposal for how to deal with cybersecurity, James Baker, Associate Deputy Attorney General in the Justice Department, told a Senate panel today.

"We don't want to mess up the capabilities we have now," he said during a hearing held by the Senate Judiciary Subcommittee on Terrorism and Homeland Security. "We are cognizant of the need to review" the government's approach to cyber threat detection and protection, but "we don't want to make any mistakes."

The hearing was part of an ongoing discussion between Congress and the Administration over cybersecurity. President Obama has not yet appointed a National Cybersecurity Coordinator, and advocacy groups are getting antsy. There is still debate over which agency should oversee the efforts--the National Security Agency, the Defense Department, the Homeland Security Department or elsewhere within the government.

The NSA is developing the "Einstein 3" system, which will monitor government computer traffic on private sector sites. Privacy groups and the DHS have questioned the program because of the potential invasion of privacy risks. 

Any cybersecurity policy "should not include governmental monitoring of private systems," said Greg Nojeim, senior counsel for the Center for Democracy and Technology. "We object to the secrecy that has shrouded the Einstein programs. Excessive secrecy undermines public trust and communication carrier participation, both of which are essential."

He added that independent audits should be done to "make sure Einstein does not reach private-to-private communications."

Sen. Ben Cardin (D-Md.) and Sheldon Whitehouse (D-R.I.) asked specifically about the boundary between private and public measures to monitor and protect networks from attacks.

"If the NSA has capabilities beyond the telecom providers, why should we not let NSA take the lead?" Whithouse asked.