Security: Who should be in charge?

Should the Defense Department assume responsibility for safeguarding the

country's communications infrastructure? A retired Navy vice admiral now

working in the private sector said the time has come for public debate on

the question.

"We're going to have to make a decision of that magnitude," said Michael

McConnell, a retired intelligence officer and former director of the National

Security Agency. "What would the FBI say? Or the Judiciary Committee?" he

asked.

Civilian law enforcement is responsible for investigating cybercrime

and network attacks, but McConnell suggested that those agencies do not

have the staffing necessary to defend against the terrorist-backed and state-sponsored

cyberattacks that are now possible.

Lawmakers would be concerned over the constitutionality of putting DOD

in charge, he said, adding that he would "not conclude" DOD should take

on the job, but believes the risk is great enough now to warrant discussion

of it.

An expert on information warfare and assurance said DOD should not be

given the role of guarding the country's communications networks. "Absolutely

not," said Dorothy Denning, director of Georgetown University's Institute

for Information Assurance. "A lot of the critical infrastructure, if not

most, is owned by the private sector, not the Defense Department, and the

government does not have a good track record of defending its own systems."

—McConnell is now a vice president for Booz-Allen & Hamilton Inc.

in charge of the company's infrastructure and information assurance division

for federal and commercial clients. He made his comments Sept. 28 to government

and industry officials in Alexandria, Va.