Today it was announced that Howard Schmidt was appointed to the White House Cybersecurity Coordinator position otherwise known as the cyber czar. Much has been written in our blog about this position since it was announced, and the timing and approach to the announcement has done nothing to eliminate the concerns previously expressed. I have much reading to do before I comment directly on Mr. Schmidt, but I do have very strong impressions from the way it has been handled.
The position was originally announced at a press conference in late May on the Friday before Memorial Day. Not exactly a day and time that you would select for something of importance or to maximize the impact. Months passed as candidates not only turned down the position, but candidates like Melissa Hathaway left the government for the private sector.
And now we get an announcement stating the position has been filled on the Tuesday of Christmas week, in a city where most of the government is closed because of a record setting snowstorm. The announcement gets a mention on the White House blog with a picture of the President shaking hands with his new Cybersecurity Coordinator in what appears to be a hallway. No press conference, no fanfare, no President standing at the side of the new Czar as a show of support to the position and a commitment to the idea of cyber security.
I went to the White House press page at 11:00 am EST and there is no formal announcement. There is news about the Enactment of the Airline Flight Crew Technical Corrections Act, something about agencies cutting spending by $19B, and some nominations that were sent to the Senate, but nothing about this position.
I am sure there will be Obama acolytes that will line up to applaud the announcement, but I find myself angry today as I weigh what I see from the White House. I have the somewhat unique perspective of being a marketing person in cyber security. That means that cyber security is important to me and I have a taste of the threat against our country. As a marketing person, I see the not so subtle signals being sent by the White House regarding this subject. Put this in context of the amount of energy thrown at other items such as the Chicago Olympic bid, and it is reasonable to draw the conclusion that the White House is not committed to cyber security and this role.
I would be a lot angrier if I had not spent the last year working with people at NIST, the NSA, the intelligence community and the DoD who are proactively and energetically looking for new and innovative ways to protect our government from malicious attacks. Best of all, these groups are working together to share data and knowledge in a way that would make taxpayers happy and proud. So I’ve seen real, actionable progress taking place long before Mr. Schmidt assumed this role.
To be clear, I never viewed the cyber czar as some sort of mythical figure that could solve our cyber security problems with a wave of the hand, but I was hopeful that the role would serve as a way to focus attention on the problem and help create a sense of urgency toward progress. And if that person was seen as having the “full faith and credit” of the President, it would give that person some authority to be something other than a figurehead. But that is exactly how I view this position today – a campaign promised fulfilled in the least effective way possible and with minimal authority, buried in slow press days.
This week we got news that our military drones had been hacked with $26 software, a plea was entered in the Heartland breach by the same person who pulled off the TJX breach (who used a simplistic and well known SQL injection technique to penetrate Heartland), and that Twitter was disabled completely by a DNS attack. And we get a tepid announcement the Tuesday before Christmas on a position that it took them seven months to fill. I’d hate to see what type of catastrophic, IT security based incident it would take to make the White House treat the problem with the seriousness it deserves.