Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Former Bush administration official will head U.S. cybersecurity initiative for Obama, but experts question whether the post has much power
Kelly Jackson Higgins, Editor-in-Chief, Dark Reading
December 22, 2009
4 Min Read
After months of speculation about who and when the U.S. would get the cybersecurity czar promised by President Obama in May, the administration today officially appointed Howard A. Schmidt to the much-anticipated post of White House cybersecurity coordinator.
Schmidt, who most recently served as president and CEO of the international nonprofit Information Security Forum and was previously chief information security officer at eBay and at Microsoft, said in a statement that he looks forward to bringing to the table all stakeholders in efforts to better secure U.S. networks and systems. He will work with the National Security Council and the National Economic Council.
"The president has directed me to focus on several priority areas: developing a new comprehensive strategy to secure American networks, ensuring an organized, unified response to future cyber-incidents; strengthening public-private partnerships here at home and international partnerships with allies and partners; promoting research and development of the next-generation of technologies; and leading a national campaign to promote cybersecurity awareness and education," Schmidt said in a video statement on his post announcement. "Because ultimately no one -- not government, not the private sector, not individuals -- can keep us safe and strong alone."
While Schmidt was among the names mentioned for the post, others had turned it down ahead of his appointment. Most recently, administration sources had said former assistant Secretary of Defense Frank Kramer was the No. 1 pick.
But some security industry experts argue the position doesn't have the teeth -- and budget -- to make a major difference in the nation's security posture. And there's still the problem of whether anyone can settle the power struggles between the National Security Agency and the Department of Homeland Security over the nation's cybersecurity posture, not to mention the separate operations at the DoD and other federal agencies.
"The problem with the post is that it has remained ceremonial in terms of actual authority, [and] the ceremony itself creates expectations that are almost impossible to fulfill," says Nick Selby, managing director for Trident Risk Management. "Government agency infighting around responsibility for protecting our cyber assets -- even defining what that means -- has been intense. In the current climate, even a highly qualified political appointee has his work cut out for him."
Alan Paller, director of SANS Institute, says Schmidt's priorities ultimately will be driven by cybersecurity events. "Each event, whether it's a major new vulnerability discovered that the government needs early access to [or something like the] Predator drone issue, will chew up a substantial amount of his time" with the relatively small staff he'll have at the White House, Paller says.
But Schmidt has the technical background and experience in both the private industry and government sides of the fence to be able to bring the two sectors together -- as well as to cut to the chase on the real security issues and threats, Paller says.
Another challenge, he says, is playing catch-up in national information security policy, which was basically on hold until his appointment. "OMB has been saying, 'We have to wait for the cyber coordinator before we take any substantive action,'" Paller says. "So we lost a full year of leadership and have gone radically backward because low-level people were making national policy."
Phillip Dunkenberger, CEO of PGP Corp., where Schmidt has served on the board, says Schmidt is a good fit for the job. "If you look at Howard's skill set, it matches up to the three major initiatives of the Obama administration, all of which have a critical cyber component: the war in Iraq and Afghanistan, stimulating the economy, and healthcare. Securing information and stimulating innovation all require an understanding of how to work with the private sector on securing personal identifiable information, as well as public sector defense and civilian agencies on critical information. Howard can bridge these cross-functional teams," Dunkenberger says.
Dunkenberger says Schmidt should immediately "develop a strong working relationship with DoD, Vivek Kundra [federal CIO], and Aneesh Chopra [federal CTO]," as well.
Schmidt previously worked in federal and local law enforcement and the Department of Defense, and was vice chairman of the president's Critical Infrastructure Board and special adviser for cyberspace security in the Bush White House.
Chris Painter, a deputy assistant director of the FBI's cyber division, had been serving as an acting coordinator since Melissa Hathaway stepped down from her job as acting White House senior director for cybersecurity in August. Hathaway had spearheaded a 60-day cybersecurity policy review that recommended the administration name a national cybersecurity coordinator.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.
You May Also Like
A screen displaying many different types of charts and graphs to show what data is being analyzed.Cybersecurity Analytics