11/2/2009
11:01 AM

Pressure Grows To Name National Cybersecurity Coordinator

Five months after President Obama announced plans to appoint a cybersecurity coordinator, some members of Congress are getting impatient and pressing for action.

Five months have passed, including the just-completed "cybersecurity month," since President Obama said that he would handpick a cybersecurity coordinator for the federal government. That position, however, remains unfilled.

In announcing the newly created position of cybersecurity coordinator on May 29, Obama cited the "critical importance" of securing the United States' cyber infrastructure. The job, he said, would entail "orchestrating and integrating all cybersecurity policies for the government; working closely with the Office of Management and Budget to ensure agency budgets reflect those priorities; and, in the event of major cyber incident or attack, coordinating our response."

Many names have been mentioned as possible appointees to the position, and there have been media reports that an appointment was imminent, yet they haven't panned out.

Some members of Congress are growing impatient. In September, the co-chairmen of the House Cybersecurity Caucus, Reps. James Langevin, D-R.I., and Michael McCaul, R-Texas, said they were "deeply concerned by the delay." The following week, Rep. Ann Kirkpatrick, D-Ariz., urged the quick appointment of the cybersecurity coordinator.

Last month, Rep. Yvette Clarke, D-N.Y., chairwoman of the House Homeland Security Committee's Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, asked members of trade organization TechAmerica to join her in pushing the White House to put a cybersecurity coordinator in place.

Last week, Sen. Joe Lieberman, ID-Conn., joined the fray, announcing that he would introduce a bill with Sen. Susan Collins, R-Maine, that would make the cybersecurity coordinator a Senate-confirmed official. Lieberman said in a press release that the position was needed "to ensure that everyone is working off the same playbook."

Without a cybersecurity coordinator, there's no nexus for government-wide cooperation on cybersecurity and no authoritative voice to speak out on issues such as the security of critical infrastructure or international standards, said SANS Institute research director Allan Paller. "This position matters enormously," Paller said. "It's a big problem not having a White House coordinator."

Despite the delay, the government has taken a number of strong, positive steps on cybersecurity over the past several months, Paller said. The Department of Defense has consolidated cybersecurity efforts under NSA director Keith Alexander and a new cyber command. The Department of Homeland Security has asserted its leadership under Phil Reitinger, deputy undersecretary of the DHS' National Protection & Programs Directorate. And the FBI and Secret Service have ramped up their cybercrime efforts.

In the meantime, Chris Painter is serving as cybersecurity coordinator on an interim basis, on loan to the White House from the Federal Bureau of Investigation, where he worked for years on cybercrime and cybersecurity issues.

Among the names mentioned by various sources as potentially taking the full-time position are Microsoft VP of trustworthy computing Scott Charney, former assistant secretary of Defense Frank Kramer, former White House special adviser for cybersecurity Howard Schmidt, Obama transition team technology adviser Paul Kurtz, and Painter.

Those who have either taken themselves out of the running or are said to be no longer under consideration include former Rep. Tom Davis, R-Va., and former top White House cybersecurity official Melissa Hathaway.



