Three views on Pres. Obama’s delayed selection of cybersecurity czar

September 15th, 2009

Since his historic May 29th speech calling for strong U.S. cybersecurity policy, Pres. Obama has been silent on the topic, as internal White House debate continues about the naming of a cybersecurity adviser reporting directly to Obama. Here are three perspectives on the delay:

Patricia Titus, Chief Information Security Officer, Unisys Federal Systems. LastWatchdog guest blog post. 15Sept2009

patriciatitus3While the delay in appointing a national cyber security coordinator is cause for concern, the dearth of information on the roles and responsibilities of this official is perhaps even more disturbing.

The current cyber security crisis continues to take a backseat to other pressing Obama Administration hot ticket items. Recent questions and concerns over the resignation of Melissa Hathaway and Mischel Kwon, two cyber security experts, has cast a shadow on the growing void of government professionals with depth in this critical field at the senior executive level.

While reports indicate the shortlist for filling the position is shrinking, the announcement could still be weeks away – casting doubts on if this remains a true priority for this administration. More delays could come while the coordinator fills key positions and secures funding.

The urgent need for an appointment has been underscored by the continued cyber attacks reported over the past months. For example, on July 4, we saw paralyzing Distributed Denial-of -Service attacks that choked off access to the resources of the federal government and key financial institutions. Since then, the government has not released any information to explain who was responsible or if any other malicious activity took place during this attack.

This lack of information is precisely the type of issue the private sector anticipates the Cyber Security Coordinator will address by facilitating policy and organizational changes to ensure that accurate and concise attack data is provided to key stakeholders. This will assist in awareness and provide critical infrastructure owners the ability to remediate vulnerabilities to stifle further attacks.

But even after the President announces who will fill the position, it remains unclear if the roles and responsibilities of that person have been outlined to ensure appropriate authority is enacted. Does the President anticipate this role to be a facilitator or executor? Will the person in this position actually have the authority to determine where there is redundancy among diverse cyber security entities such as NSA, DHS and ODNI, and assign responsibilities to specific agencies to eliminate duplicative effort?

The need for centralized control of cyber security policy has been noted, so we would assume the Cyber Security Coordinator will provide policy to all levels of the federal government. This is where the authority lines need to be clearly defined to ensure there isn’t a clash with policy already being developed by the individual communities. Waiting until this person is named will further delay the near-term action items.

U.S. Rep. Ann Kirkpatrick, D-Ariz., member of the House Committee on Homeland Security. Excerpts from a speech given today (15Sept2009) on the House floor.

ann-kirkpatrick_crop250px1“Mr. Speaker, one of the greatest threats to our national security is the vulnerability of our Nation’s technology infrastructure.

In this age where everything is becoming wired, computers oversee our bank accounts, military systems, electric grid, communication systems, dams and power plants, air traffic control systems and countless other vital parts of our society.

These systems are attacked every single day. The fact is, one of these systems is likely being attacked right now.

The President has said that securing our nation’s networks is a priority for his administration. However, I am concerned that while Congress was away in August, two of our government’s top cybersecurity officials resigned, and we still have no cybersecurity coordinator within the White House.

We must regain focus, fill these vacant high-level positions and implement a plan to secure our networks before an attack does irreparable harm to our Nation.”

US Reps. James R Langevin, D-Rhode Island, and Michael McCaul, D-Texas, co-chairs of the House cybersecurity caucus.  Excerpts from a 10Sept2009 co-signed letter to Pres. Obama.

james-langevin_crop125px michael-mccaul_crop125_edited-1“While we are pleased to see progress on the first step, we are deeply concerned by the delay in acting on the second.

Specifically, we strongly believe that the continued absence of a permanent cybersecurity coordinator impedes the ability of federal agencies to move forward in updating and strengthening their aging cyber policies, while also complicating our efforts to collaborate with private institutions that play such a critical role in keeping our nation safe.

Your administration has demonstrated a commitment to a strong cybersecurity policy, and we greatly appreciate your early attention to this issue. We now respectfully urge you to solidify these efforts by swiftly appointing a cybersecurity coordinator.”

Sort by:   newest | oldest | most voted
Scott Cleland

Great post. Cyber-security remains an under-appreciated urgent priority. The reality remains that bad actors can wreak more damage with less effort in they virtual world than bad actors could ever hope to achieve in the physical world.

Stanton Sloane

Thanks Byron for sharing a good cross section of views. I still maintain that without the power to drive change, the cybersecurity czar will be a czar in title only. To succeed, he/she will need the power of the federal purse, the mantle of diplomatic authority and – as reported – inside access to the White House. He/she will have to be a big-picture planner and a credible voice to industry. Let’s get it done. Thank you again for keeping this important topic on our radar.

Dr. Stanton Sloane
SRA International CEO

Phillip Dunkelberger - CEO of PGP Corporation and Chairman of TechAmerica's Cybersecurity CxO Council
Thank you Byron for bringing this issue to the table. The relentless cyber-attacks experienced by both the private and public sectors represent a clear and present danger to both our security and economic recovery. Without leadership in place, it is impossible to make material progress on securing the nation’s strategic cybersecurity assets. The agenda in Washington will be dominated by healthcare and financial regulatory reform and defense for the remainder of the year. However, we cannot afford to allow the nation’s cybersecurity needs to languish while we focus on these key issues because cybersecurity is integral to each of them.… Read more »
John Prisco
As the CEO of a privately held security company, I was very interested when I heard that security was a presidential priority, and I almost allowed myself to get excited when I heard that there would be a cyber security Czar answering to the President. But in the months that have passed since that original announcement, I have become increasingly concerned that security has taken a back seat to other initiatives and that it won’t become a priority again until it’s too late — How often did any of us hear the Executive Office talk about the health of the… Read more »
Torsten George, Vice President Worldwide Marketing, ActivIdentity

Considering that this month, the federal reserve chairman himself became a victim of identity theft — one of the fastest growing crimes in the world — it appears that implementing a cybersecurity coordinator to help enforce national policy in regards to cybersecurity and addressing protecting individual digital identities should be as much a national priority as healthcare reform. We hope the president moves swiftly to find the right person to lead this critical initiative.