Another U.S. Cybersecurity Official ResignsAnother U.S. Cybersecurity Official Resigns
The US Computer Emergency Readiness Team's director calls it quits, while a national cybersecurity czar has yet to be named by the Obama administration.
August 10, 2009
The director of a government cybersecurity program that helps protect civilian agency networks and coordinates cybersecurity warnings with industry is stepping down, the Department of Homeland Security has confirmed.
Mischel Kwon, director of the United States Computer Emergency Readiness Team, submitted her resignation last week. Kwon will stay on with US-CERT until September, when she joins EMC's RSA cybersecurity division as VP of public sector security solutions. Though she has a new job, The Washington Post reported that Kwon's colleagues attributed her departure partly to frustration with "bureaucratic obstacles and a lack of authority to fulfill her mission."
Kwon's departure marks the third cybersecurity official to step down during the Obama administration's tenure, and the third who has cited a lack of empowerment as one of the reasons for resigning. Rod Beckstrom quit as director of the Department of Homeland Security's National Cybersecurity Center earlier this year, citing a turf war with the National Security Agency. Last week, White House acting senior director for cyberspace Melissa Hathaway resigned, telling The Washington Post that she didn't feel "empowered to continue to drive change."
Despite President Obama's promise in May to appoint a federal cybersecurity coordinator, the position remains unfilled. That, coupled with the resignations of Hathaway and Kwon, has prompted concerns that cybersecurity isn't the priority Obama said it would be for his administration.
"This new resignation is regrettable because it appears that the momentum many of us thought was building in the federal government to prioritize cybersecurity may be waning," Mark Weatherford, chief information security officer for California's office of information security and privacy protection, wrote in a blog post. "It's starting to look like more business as usual in Washington."
Cybersecurity has increasingly become a high-profile issue in government. According to US-CERT, cybersecurity incidents have almost tripled in the last three years. The Department of Defense recently spent more than $100 million over six months defending against attacks. Recent attacks have taken down federal agency Web sites, infiltrated the power grid, and stolen sensitive data on an Air Force fighter jet. Meanwhile, reports from the Government Accountability Office and Booz Allen Hamilton, among others, have criticized government cybersecurity efforts as disorganized and insufficient.
The Department of Homeland Security is among the federal agencies jockeying for position. "Our goal at the Department of Homeland Security is to be the repository for cybersecurity and to really recruit the best minds in the country," Homeland Security secretary Janet Napolitano said at a cybersecurity conference last week. Cybersecurity efforts there have recently become centralized under National Cybersecurity Center director and deputy under secretary for national protection and programs directorate Phil Reitinger. In a statement, Reitinger thanked Kwon for her service and asserted that cybersecurity is a "top priority" of the Obama administration.
At RSA, Kwon will advise government clients on cybersecurity strategy, policy, and operations, and help with product development strategy.
It's unclear who will take Kwon's spot at US-CERT, though her successor will be the fifth US-CERT director in five years. A GAO report last year cited problems hiring and training qualified staff at US-CERT. Deputy director Randy Vickers, who has taken a public role by speaking at industry events and in the media, is second in command.
InformationWeek Analytics has published an independent analysis on data-loss prevention. Download the report here (registration required).
About the Author(s)
You May Also Like
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023