Pressure Grows To Name National Cybersecurity Coordinator

Five months have passed, including the just completed "cybersecurity month," since President Obama said that he would hand pick a cybersecurity coordinator for the federal government. That position, however, remains unfilled.

In announcing the newly created position of cybersecurity coordinator on May 29, Obama cited the "critical importance" of securing the United States' cyber infrastructure. The job, he said, would entail "orchestrating and integrating all cybersecurity policies for the government; working closely with the Office of Management and Budget to ensure agency budgets reflect those priorities; and, in the event of major cyber incident or attack, coordinating our response."

Many names have been mentioned as possible appointees to the position, and there have been media reports that an appointment was imminent, yet they haven't panned out.

Some members of Congress are growing impatient. In September, the co-chairmen of the House Cybersecurity Caucus, Reps. James Langevin, D-R.I., and Michael McCaul, R-Texas, said they were "deeply concerned by the delay." The following week, Rep. Ann Kirkpatrick, D-Ariz., urged the quick appointment of the cybersecurity coordinator.

Last month, Rep. Yvette Clarke, D-N.Y., chairwoman of the House Homeland Security Committee's Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, asked members of trade organization TechAmerica to join her in pushing the White House to put a cybersecurity coordinator in place.

Last week, Sen. Joe Lieberman, ID-Conn., joined the fray, announcing that he would introduce a bill with Sen. Susan Collins, R-Maine, that would make the cybersecurity coordinator a Senate-confirmed official. Lieberman said in a press release that the position was needed "to ensure that everyone is working off the same playbook."

Without a cybersecurity coordinator, there's no nexus for government-wide cooperation on cybersecurity and no authoritative voice to speak out on issues such as the security of critical infrastructure or international standards, said SANS Institute research director Allan Paller. "This position matters enormously," Paller said. "It's a big problem not having a White House coordinator."

Despite the delay, the government has taken a number of strong, positive steps on cybersecurity over the past several months, Paller said. The Department of Defense has consolidated cybersecurity efforts under NSA director Keith Alexander and a new cyber command. The Department of Homeland Security has asserted its leadership under Phil Reitinger, deputy undersecretary of the DHS' National Protection & Programs Directorate. And the FBI and Secret Service have ramped up their cybercrime efforts.

In the meantime, Chris Painter is serving as cybersecurity coordinator on an interim basis, on loan to the White House from the Federal Bureau of Investigation, where he worked for years on cybercrime and cybersecurity issues.

Among the names mentioned by various sources as potentially taking the full-time position are Microsoft VP of trustworthy computing Scott Charney, former assistant secretary of Defense Frank Kramer, former White House special adviser for cybersecurity Howard Schmidt, Obama transition team technology adviser Paul Kurtz, and Painter.

Those who have either taken themselves out of the running or are said no longer to be being considered include former Rep. Tom Davis, R-Va., and former top White House cybersecurity official Melissa Hathaway.

InformationWeek Analytics has published a guide to the Open Government Directive and what it means for federal CIOs. Download the report here (registration required).