Posted by: Arik Hesseldahl on December 22, 2009
Now that the Obama Administration has named the person who will be charge of national cyber-security issues, the question will now turn to what that person will need to do to ensure that the nation’s digital infrastructure is protected.
President Obama today named Howard A. Schmidt, a former chief security officer at Microsoft and a former chief information security officer at eBay to the position of Cybersecurity Coordinator. The position was recommended after a 60-day review of the nation’s computer and network security needs.
That review produced a report finding that the nation was “at a crossroads,” where digital information permeates national life, but using infrastructure that is inherently vulnerable to disruptive attacks. The report also called for creating “public-private partnerships” intended to bring government agencies and the private sector together in cooperation to share information and resources to fend off attacks before they happen, and coordinate responses when they occur.
That will be Schmidt’s job. Computer security industry experts said Schmidt has the unique combination of experience in law enforcement, government administration and private industry to navigate the job. Currently president and CEO of the Information Security Forum, a nonprofit computer security industry organization based in London, he served as vice chairman of the Critical Infrastructure Protection Board and as a special advisor for cyberspace security under President George W. Bush. He’s also a former agent with the Federal Bureau of investigation, where he led the Computer Exploitation Team at the National Drug Intelligence Center. He also served in the US Air Force, working in its Office of Special Investigation Computer Forensics Lab.
“Howard knows how Washington works, he has a strong career in the information security arena, and understands firsthand the issues involved,” says Richard Forno, principal consultant at KRvW Associates, an information consulting and training firm based in Alexandria, Va.
Forno, who has lectured at the National Defense University on information security, says he’s skeptical about the ability of anyone in the new position to carry out the job given. “While I remain cautiously optimistic about the ability of any cybersecurity coordinator to meet their mandate given the historic nature of the position, Howard’s appointment certainly gives an opportunity for a well-qualified person to try and make a real difference and bring us one step closer towards a meaningful and more importantly, effective, national cybersecurity posture.”
That sentiment was echoed by others in the security field. Bruce Schneier, chief security technology officer at BT, and a widely sought expert on information security, has criticized the idea of appointing a “cybersecurity czar.” As he wrote on his blog: “Schmidt is good, but I don’t know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority — I don’t know.” In a Dec. 11 blog post, Scheier criticized the concept of a cybersecurity czar position: “If you’re going to appoint a cybersecurity czar, you have to give him actual budgetary authority — otherwise he won’t be able to get anything done.”
Ken Silva, CTO at Verisign, the company that operates much of the infrastructure that underpins the Internet, praised Schmidt, saying the White House “Couldn’t have picked a better man for the job than Howard.”
“Security has to be a top-of-mind issue, both in the private sector and in government, from the board of directors level all the way down to the level of individual contributors,” Silva said. “Howard knows the issues, and now he’s going to have to go about tackling them.”
Schmidt recorded a short video message for the White House Web site after his appointment was announced. I’ve embedded it below.