Risk
11/2/2009
11:01 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%
Repost This

Pressure Grows To Name National Cybersecurity Coordinator

Five months after President Obama announced plans to appoint a cybersecurity coordinator, some members of Congress are getting impatient and pressing for action.

Five months have passed, including the just completed "cybersecurity month," since President Obama said that he would hand pick a cybersecurity coordinator for the federal government. That position, however, remains unfilled.

In announcing the newly created position of cybersecurity coordinator on May 29, Obama cited the "critical importance" of securing the United States' cyber infrastructure. The job, he said, would entail "orchestrating and integrating all cybersecurity policies for the government; working closely with the Office of Management and Budget to ensure agency budgets reflect those priorities; and, in the event of major cyber incident or attack, coordinating our response."

Many names have been mentioned as possible appointees to the position, and there have been media reports that an appointment was imminent, yet they haven't panned out.

Some members of Congress are growing impatient. In September, the co-chairmen of the House Cybersecurity Caucus, Reps. James Langevin, D-R.I., and Michael McCaul, R-Texas, said they were "deeply concerned by the delay." The following week, Rep. Ann Kirkpatrick, D-Ariz., urged the quick appointment of the cybersecurity coordinator.

Last month, Rep. Yvette Clarke, D-N.Y., chairwoman of the House Homeland Security Committee's Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, asked members of trade organization TechAmerica to join her in pushing the White House to put a cybersecurity coordinator in place.

Last week, Sen. Joe Lieberman, ID-Conn., joined the fray, announcing that he would introduce a bill with Sen. Susan Collins, R-Maine, that would make the cybersecurity coordinator a Senate-confirmed official. Lieberman said in a press release that the position was needed "to ensure that everyone is working off the same playbook."

Without a cybersecurity coordinator, there's no nexus for government-wide cooperation on cybersecurity and no authoritative voice to speak out on issues such as the security of critical infrastructure or international standards, said SANS Institute research director Allan Paller. "This position matters enormously," Paller said. "It's a big problem not having a White House coordinator."

Despite the delay, the government has taken a number of strong, positive steps on cybersecurity over the past several months, Paller said. The Department of Defense has consolidated cybersecurity efforts under NSA director Keith Alexander and a new cyber command. The Department of Homeland Security has asserted its leadership under Phil Reitinger, deputy undersecretary of the DHS' National Protection & Programs Directorate. And the FBI and Secret Service have ramped up their cybercrime efforts.

In the meantime, Chris Painter is serving as cybersecurity coordinator on an interim basis, on loan to the White House from the Federal Bureau of Investigation, where he worked for years on cybercrime and cybersecurity issues.

Among the names mentioned by various sources as potentially taking the full-time position are Microsoft VP of trustworthy computing Scott Charney, former assistant secretary of Defense Frank Kramer, former White House special adviser for cybersecurity Howard Schmidt, Obama transition team technology adviser Paul Kurtz, and Painter.

Those who have either taken themselves out of the running or are said no longer to be being considered include former Rep. Tom Davis, R-Va., and former top White House cybersecurity official Melissa Hathaway.



InformationWeek Analytics has published a guide to the Open Government Directive and what it means for federal CIOs. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web