Three views on Pres. Obama’s delayed selection of cybersecurity czar

September 15th, 2009

Since his historic May 29th speech calling for strong U.S. cybersecurity policy, Pres. Obama has been silent on the topic, as internal White House debate continues about the naming of a cybersecurity adviser reporting directly to Obama. Here are three perspectives on the delay:

Patricia Titus, Chief Information Security Officer, Unisys Federal Systems. LastWatchdog guest blog post. 15Sept2009

patriciatitus3While the delay in appointing a national cyber security coordinator is cause for concern, the dearth of information on the roles and responsibilities of this official is perhaps even more disturbing.

The current cyber security crisis continues to take a backseat to other pressing Obama Administration hot ticket items. Recent questions and concerns over the resignation of Melissa Hathaway and Mischel Kwon, two cyber security experts, has cast a shadow on the growing void of government professionals with depth in this critical field at the senior executive level.

While reports indicate the shortlist for filling the position is shrinking, the announcement could still be weeks away – casting doubts on if this remains a true priority for this administration. More delays could come while the coordinator fills key positions and secures funding.

The urgent need for an appointment has been underscored by the continued cyber attacks reported over the past months. For example, on July 4, we saw paralyzing Distributed Denial-of -Service attacks that choked off access to the resources of the federal government and key financial institutions. Since then, the government has not released any information to explain who was responsible or if any other malicious activity took place during this attack.

This lack of information is precisely the type of issue the private sector anticipates the Cyber Security Coordinator will address by facilitating policy and organizational changes to ensure that accurate and concise attack data is provided to key stakeholders. This will assist in awareness and provide critical infrastructure owners the ability to remediate vulnerabilities to stifle further attacks.

But even after the President announces who will fill the position, it remains unclear if the roles and responsibilities of that person have been outlined to ensure appropriate authority is enacted. Does the President anticipate this role to be a facilitator or executor? Will the person in this position actually have the authority to determine where there is redundancy among diverse cyber security entities such as NSA, DHS and ODNI, and assign responsibilities to specific agencies to eliminate duplicative effort?

The need for centralized control of cyber security policy has been noted, so we would assume the Cyber Security Coordinator will provide policy to all levels of the federal government. This is where the authority lines need to be clearly defined to ensure there isn’t a clash with policy already being developed by the individual communities. Waiting until this person is named will further delay the near-term action items.

U.S. Rep. Ann Kirkpatrick, D-Ariz., member of the House Committee on Homeland Security. Excerpts from a speech given today (15Sept2009) on the House floor.

ann-kirkpatrick_crop250px1“Mr. Speaker, one of the greatest threats to our national security is the vulnerability of our Nation’s technology infrastructure.

In this age where everything is becoming wired, computers oversee our bank accounts, military systems, electric grid, communication systems, dams and power plants, air traffic control systems and countless other vital parts of our society.

These systems are attacked every single day. The fact is, one of these systems is likely being attacked right now.

The President has said that securing our nation’s networks is a priority for his administration. However, I am concerned that while Congress was away in August, two of our government’s top cybersecurity officials resigned, and we still have no cybersecurity coordinator within the White House.

We must regain focus, fill these vacant high-level positions and implement a plan to secure our networks before an attack does irreparable harm to our Nation.”

US Reps. James R Langevin, D-Rhode Island, and Michael McCaul, D-Texas, co-chairs of the House cybersecurity caucus.  Excerpts from a 10Sept2009 co-signed letter to Pres. Obama.

james-langevin_crop125px michael-mccaul_crop125_edited-1“While we are pleased to see progress on the first step, we are deeply concerned by the delay in acting on the second.

Specifically, we strongly believe that the continued absence of a permanent cybersecurity coordinator impedes the ability of federal agencies to move forward in updating and strengthening their aging cyber policies, while also complicating our efforts to collaborate with private institutions that play such a critical role in keeping our nation safe.

Your administration has demonstrated a commitment to a strong cybersecurity policy, and we greatly appreciate your early attention to this issue. We now respectfully urge you to solidify these efforts by swiftly appointing a cybersecurity coordinator.”