Obama Names Cybersecurity Coordinator

Former Bush administration official and Microsoft security official Howard Schmidt is tapped to develop a federal cybersecurity strategy.
In a May speech, President Obama said that the cyber coordinator would have regular access to him, but it became clear that the position would not have budget authority, and would have two bosses in the heads of the National Security Staff and the National Economic Council (not the President himself). If Obama sticks to the policy laid out in the White House’s 60-day cybersecurity review completed earlier this year, Schmidt would not have any "operational responsibility or authority, nor the authority to make policy unilaterally," instead relying on partnership and interagency coordination, working in concert with federal CTO Aneesh Chopra, federal CIO Vivek Kundra, and a slew of other officials to forward administration goals.

Some commentators have expressed concern that the cyber coordinator position lacked the power to affect real change. “I’m starting a new contest,” James Lewis, director of technology and public policy for the Center for Strategic and International Studies, said in a recent e-mail. “The new cyber position is so low, cyberczar really isn’t right. Cyberpeasant? Cybervillager?”

Lewis called the appointment a “good move” Tuesday, saying that Schmidt’s job could be made easier if officials believe he carries with him the authority of the President, but adding that there is a significant amount of work to do to fit together work that’s been started at places like the Department of Defense and Department of Homeland Security.

In the months since announcing the new position, there have been significant shifts in cybersecurity in government. The military began to stand up the U.S. Cyber Command, which will integrate and manage both offensive and defensive cyber capabilities for the military, under NSA chief Keith Alexander. The Department of Homeland Security has consolidated authority over cybersecurity in civilian agencies. The Office of Management and Budget has begun work on new cybersecurity metrics. The Office of Personnel Management has started working on new training and classification for cybersecurity professionals. And new FISMA guidance focuses more on operational metrics than on toothless compliance.

Several of Schmidt’s friends and colleagues applauded the appointment. Greg Garcia, a consultant who was formerly assistant secretary for cybersecurity at the Department of Homeland Security said that he had been advocating for Schmidt’s appointment since the position was created, and that Schmidt has “all the ingredients.” PGP Corporation CEO Phillip Dunkelberger said that Schmidt, who has long served as an adviser for the company, has “the right background and qualifications” to be effective in his new position.

"Howard has the breadth to cover government and private industry, and he really understands the technology," Fortify CTO Roger Thornton said in an interview, characterizing Schmidt as more of a doer than a talker. "When you look at the job, that job will only be successful if the person in it can bring together disparate parties and drive consensus. His biggest challenge is going to be getting everyone to take a step back and say, we need to rethink what we're doing."

For Further Reading:

Cybersecurity Balancing Act

Obama, White House To Oversee Cybersecurity Leadership

Q&A: Ex-eBay Security Chief Sees A Safer Internet In The Future