Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

12/22/2009
12:11 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

White House Names Howard Schmidt As Cybersecurity Czar

Former Bush administration official will head U.S. cybersecurity initiative for Obama, but experts question whether the post has much power

After months of speculation about who and when the U.S. would get the cybersecurity czar promised by President Obama in May, the administration today officially appointed Howard A. Schmidt to the much-anticipated post of White House cybersecurity coordinator.

Schmidt, who most recently served as president and CEO of the international nonprofit Information Security Forum and was previously chief information security officer at eBay and at Microsoft, said in a statement that he looks forward to bringing to the table all stakeholders in efforts to better secure U.S. networks and systems. He will work with the National Security Council and the National Economic Council.

"The president has directed me to focus on several priority areas: developing a new comprehensive strategy to secure American networks, ensuring an organized, unified response to future cyber-incidents; strengthening public-private partnerships here at home and international partnerships with allies and partners; promoting research and development of the next-generation of technologies; and leading a national campaign to promote cybersecurity awareness and education," Schmidt said in a video statement on his post announcement. "Because ultimately no one -- not government, not the private sector, not individuals -- can keep us safe and strong alone."

While Schmidt was among the names mentioned for the post, others had turned it down ahead of his appointment. Most recently, administration sources had said former assistant Secretary of Defense Frank Kramer was the No. 1 pick.

But some security industry experts argue the position doesn't have the teeth -- and budget -- to make a major difference in the nation's security posture. And there's still the problem of whether anyone can settle the power struggles between the National Security Agency and the Department of Homeland Security over the nation's cybersecurity posture, not to mention the separate operations at the DoD and other federal agencies.

"The problem with the post is that it has remained ceremonial in terms of actual authority, [and] the ceremony itself creates expectations that are almost impossible to fulfill," says Nick Selby, managing director for Trident Risk Management. "Government agency infighting around responsibility for protecting our cyber assets -- even defining what that means -- has been intense. In the current climate, even a highly qualified political appointee has his work cut out for him."

Alan Paller, director of SANS Institute, says Schmidt's priorities ultimately will be driven by cybersecurity events. "Each event, whether it's a major new vulnerability discovered that the government needs early access to [or something like the] Predator drone issue, will chew up a substantial amount of his time" with the relatively small staff he'll have at the White House, Paller says.

But Schmidt has the technical background and experience in both the private industry and government sides of the fence to be able to bring the two sectors together -- as well as to cut to the chase on the real security issues and threats, Paller says.

Another challenge, he says, is playing catch-up in national information security policy, which was basically on hold until his appointment. "OMB has been saying, 'We have to wait for the cyber coordinator before we take any substantive action,'" Paller says. "So we lost a full year of leadership and have gone radically backward because low-level people were making national policy."

Phillip Dunkenberger, CEO of PGP Corp., where Schmidt has served on the board, says Schmidt is a good fit for the job. "If you look at Howard's skill set, it matches up to the three major initiatives of the Obama administration, all of which have a critical cyber component: the war in Iraq and Afghanistan, stimulating the economy, and healthcare. Securing information and stimulating innovation all require an understanding of how to work with the private sector on securing personal identifiable information, as well as public sector defense and civilian agencies on critical information. Howard can bridge these cross-functional teams," Dunkenberger says.

Dunkenberger says Schmidt should immediately "develop a strong working relationship with DoD, Vivek Kundra [federal CIO], and Aneesh Chopra [federal CTO]," as well.

Schmidt previously worked in federal and local law enforcement and the Department of Defense, and was vice chairman of the president's Critical Infrastructure Board and special adviser for cyberspace security in the Bush White House.

Chris Painter, a deputy assistant director of the FBI's cyber division, had been serving as an acting coordinator since Melissa Hathaway stepped down from her job as acting White House senior director for cybersecurity in August. Hathaway had spearheaded a 60-day cybersecurity policy review that recommended the administration name a national cybersecurity coordinator.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.