This morning, the White House made it official: Howard Schmidt will be the nation’s next cybersecurity coordinator. The longtime industry veteran will be returning to the executive branch, where he worked previously as vice chairman of the President’s Commission on Critical Infrastructure Protection. Schmidt will report to deputy national security advisor (NSA) John Brennan.
Schmidt was formerly chief information security officer (CISO) at eBay and chief security officer at Microsoft and has worked with federal and local law enforcement and the Defense Department. As Ellen Nakashima reported in The Washington Post, the new cybersecurity coordinator also served as special adviser for cyberspace security from 2001 to 2003, where he shepherded the National Strategy to Secure Cyberspace, a plan that Nakashima writes “was largely ignored.” Schmidt was also the president and CEO of the Information Systems Security Association, an international nonprofit organization that focuses on risks and research in the cyberworld. The question now will be whether a man hailed as a good communicator can also ensure better cybersecurity across industry and government.
“Howard is a good match for this task,” said Vint Cerf, Google’s chief Internet evangelist, as quoted by The Atlantic Monthly’s Marc Ambinder. “I’ve been impressed by his consensus-building style. He’s thoughtful, knowledgeable and he knows Washington.”
Cerf, as quoted in the New York Times article on the cybersecurity coordinator, said that “I’ve come away with a strong sense that Vivek Kundra, chief information officer, and Aneesh Chopra, the chief technology officer, and participants at the N.S.C. are aligned on this effort.”
Filling the position at the National Security Council was overdue, given the time that has elapsed since Melissa Hathaway delivered a cybersecurity report that called for a cybersecurity coordinator to coordinate the nation’s efforts. As SearchSecurity.com Editorial Director Mike Mimoso reported, “Obama announced on May 29 he intended to personally select a cybersecurity coordinator who would coordinate cybersecurity policies across government agencies.”
In May, Threatpost Editor Dennis Fisher recorded a podcast with Schmidt. In the podcast, the incoming cybersecurity coordinator talks about the role, cybercrime and how to fix federal cybersecurity.
CSO Online Senior Editor Bill Brenner enjoyed excellent timing yesterday when he published an email interview with Schmidt. Schmidt made a number of predictions for 2010, including that he believed that cloud computing will be a security enabler. Schmidt wrote that “2010 will be the tipping point as to much wider adaption in all sectors. The overall net effect will give us a better chance to develop more security in the cloud using better vulnerability management/reduction, strong authentication, robust encryption and closer attention to legal jurisdictions.”
The timing of the White House appointment of a cyber coordinator is, as Ambinder wrote, something of an early Christmas gift, though perhaps not for Schmidt himself. As Ambinder observed, “It’ll be a thankless job: given the near-certainty that the government will experience some massive data breach or a major cyber terrorism attack, Schmidt will be both the point person — and the person seen as responsible, even though he lacks the statutory authority to prevent these catastrophes.”
In the security industry, reactions to the appointment have been generally positive. Like Ambinder, Dave Lewis, a Canada-based IT security practitioner and editor at Liquidmatrix Security Digest, also sees a tough challenge ahead for Schmidt. “I think that this is an extremely unenviable position for him to take,” he said. “There are numerous turf wars that he will be at risk of becoming collateral damage in the crossfire. I would like to see him succeed. There needs to be a central point of control for IT security.”
George Moraetes, an information security and enterprise architect, related a similar sentiment: “I really don’t know if congratulations or even condolences are in order.”
Moraetes supports the appointment of Schmidt, stating he “is the best advocate and most experienced individual to take on this incredibly difficult job that basically has no teeth or jurisdiction to preside over federal agencies. He is the only person capable of this job, having solid federal government and corporate experience at top levels, and knows the ropes.”
Patricia Titus, former CISO for the Transportation Security Administration and now CISO for Unisys Federal Systems, is similarly supportive. “He comes with exactly the type of credentials to rally the right people at the needed levels. His private- and public-sector background lends itself well to knowing who needs to sit at the table. There hasn’t been that level of IT credentials and security experience in a similar position before.”
Titus sees the position of the cybersecurity coordinator directly under the deputy NSA as “critical to the success of the position. The fact that John has publicly stated that Howard will have regular access to the president shows that cybersecurity is a national priority.” Schmidt will be charged with assessing and mitigating a complex mix of threats and authorities. “I think that all of us in cybersecurity look at the difference between compliance and verifiable security carefully. Are we spending too much time writing documents, versus in real-time monitoring of security controls? Howard’s role may be to address that from a policy standpoint, with regards to securing critical infrastructure, government websites and agencies.”
“I’m cautiously pessimistic about anyone in that job, but I think Howard has a better shot than most,” said David Mortman, CSO-in-residence at Mason, Ohio-based security consultancy Echelon One. “Howard is a known quantity and knows how to play the game. Gives him a huge advantage, since it’s like he’s simultaneously an insider and an outsider. Hopefully the best of both worlds.”
Dan Kennedy, CISO of the Praetorian Security Group, also wrote in to share his take on the appointment of the new cybersecurity coordinator: “I am familiar with Howard, having watched him speak numerous times, being introduced to him a few times, having sat at a dinner round table across from him, and having been an ISSA member for years who reads his introductions every month. I think Howard Schmidt is both a smart guy and one who understands the issues of information security. I don’t always agree with what he has to say, but if you are quoted as much as Howard is that will happen. He doesn’t say completely crazy things, as a few senior security executives do now and then, and has a conservative approach to IS concerns. Howard is a competent choice, and clearly better than many alternatives having worked in the private sector and having been involved very closely and nearly exclusively in the infosec industry. This is much better than, say, a competent technologist, a lawyer who understands technology at a high level, or related choices taking on their first big information security job with this position.”
“That said, he is a safe choice, one who has had an opportunity already in what was a very similar position under the Bush administration. I, like many folks, wanted to be excited by the choice of cybersecurity czar, to see someone I thought would really shake things up. A safe choice doesn’t do that. I voted for Obama to make competent but also pushing the envelope decisions. I hoped for an appointment that would inject some discomfort into an established information security hierarchy in need of a change agent. Howard may be that; perhaps he wasn’t given enough of a chance or shackled by a lack of organizational power the last time around.”
“Don’t get me wrong: this appointment is a positive. There’s a more empowered position (especially now that the nonsense on reporting line is resolved) and a competent person in it helps information security. It was a long time coming. Howard is not afraid to speak uncomfortable truth to power, one of the hallmarks of a great CISO. I congratulate him and look to this appointment with optimism.”