It has been noted by me and many others that Cyber Security is a key issue for the Obama Administration. The President himself rolled out the May 29th Cyberspace Policy Report, and stamped it as one of his priorities. He also made it a mandatory management priority for all his senior people. Added to that, there has been a steady drum beat of incidents lately that continues to keep cyber security in the news. The Cyber Threat has been described as large and increasing, both in magnitude and sophistication. It seemed to be a “no brainer” that steps would be taken, money spent, and effort expended to fix the vulnerabilities that have been noted by so many experts.
There is however, an interesting development that has been noted by several leaders on the industry side. It seems that whenever industry leadership meet with equally highly positioned political appointees, Cyber Security almost always comes up. It generally ranks in the top three issues for agency leadership teams. Those same people say that when they or their teams talk with the high up career government folks, Cyber Security is hardly ever raised at all. When it does, it is dismissed as a passing fad, and something that “we already do enough of.” If it gets any attention, it is covered by a request for “whatever new device or program we need to fix this,” and nothing else.
This is very disheartening. The career SES personnel and their people are supposed to be the ones providing expertise to the political appointees. In this case, they are not merely failing their bosses, but they are undercutting them, and ignoring a priority that has come from the highest level of our government.
I am well aware that our career civil servants, particularly the Senior Executives are a superbly qualified and experienced group who provide the continuity and balance to our system which sees political appointees move in and out of government with unfortunate frequency. I have personally championed these great Americans because I saw first hand for nearly eight years what they can do for our nation. In the area of Cyber Security, if the impressions of those to whom I have spoken are correct, I fear they are letting down their superiors, their Agencies, and the Nation.
Cyber Security is not a new issue. We have grappled with security of all sorts for decades, and the protection of information and communications means did not start yesterday. But, to dismiss the changes that have occurred in the last few years in connectivity, in interdependence across sectors, and in threat levels to them as “nothing new”, is dangerously ludicrous. Everything we do today runs on the back of the Internet, all our services, all our finances, all our communications, and all our security services.
We cannot do business as usual. If there is any truth to this split, and I firmly believe there is, then it must be fixed immediately. There is a hilarious British sitcom that focuses on the political appointee/career civil servant issue. In it, a hapless minister is constantly frustrated in his efforts to move the government’s programs forward by his wily and deeply entrenched career chief of staff. No matter what the minister directs, the career chief simply says “Yes Minister” (which is the name of the show), and does whatever he pleases.
In Cyber Security in 2009, this cannot be allowed to happen. The seriousness of the situation must be made apparent to the career leaders as well as the political appointees, and a concerted effort must be made to address the threat holistically, and vigorously. We cannot allow this rift to continue, or the nation will suffer.