In my column, “The Silent War – Cyber Style,” posted on December 14, 2009, I had suggested that, since it was taking forever for the White House to come up with a Cyber Security Coordinator, that the White House expand CTO Aneesh Chopra’s responsibility to include cyber security.
So much for that suggestion. A week later, the White House announced that they had hired Howard Schmidt for the job. I happen to think that putting Howard into this role is a much better solution, particularly since he is not matrix reporting to White House economic adviser Larry Summers and the National Economic Council. I had noted in my June 15, 2009 column, “Here We Go Again … Demoted Security,” that I didn’t think that economists should be setting IT and infosec priorities, as they frequently don’t fully understand technology, its importance or its ramifications.
Now let’s get back to Howard Schmidt. He is unquestionably among the most qualified for the job (as would have been Melissa Hathaway and Paul Kurtz) with his broad range of public and private sector experience and an extensive Rolodex of colleagues and contacts acquired over a long and varied career. The coordination role demands such a network both within and outside government. He has also continued to maintain currency in the cyber security field through his presidencies of the Information Security Forum and of the Information Systems Security Association. I am glad that he agreed to take on this most difficult of assignments and wish him well in this new venture.
However, the question remains as to whether the job can in fact be done in time, since there is so much catching up to do. As was noted in the various announcements, Howard teamed with Richard Clarke in developing the “National Strategy to Secure Cyber Space.” It was published in February 2003 (see www.us-cert.gov/reading_room/cyberspace_strategy.pdf) and received little attention and virtually no support. Both authors left government shortly afterwards. Almost seven years have been wasted on that basis alone, not to mention the shelving of the 1998 Presidential Decision Directive 63, which mandated that US cyberspace would be secured by May 2003 … which adds up to a dozen years of procrastination.
Turning around the country’s lapse in securing cyberspace is a huge task. Thank goodness it appears that we are beginning the journey (yet again!). This may well be our last opportunity before all hell breaks loose. Let’s hope that the Obama Administration gives Howard Schmidt the support and resources, which he needs, and that the public and private sectors commit to getting the job done. We may not get another chance.