Today will be noted by followers of cyber issues as a very key one. Today we had a major step forward in defending our Nation’s networks and a huge reminder of how great the cyber security gap we face actually is.
The White House staff announced that Howard A. Schmidt was selected by the President to fill the role of Cyber Coordinator on the National Security Staff. This position has stood vacant since the President declared it a key need in his 29 May release of his Cyber report. In fact, the federal government has actually lost (not gained) several key high-level cyber experts in the intervening period. That said, the choice is an excellent one.
Howard A. Schmidt is currently the president and CEO of the Information Security Forum, a nonprofit international consortium for research in information security. He has also served as chief security officer for Microsoft and as cyber security chief for online auction giant eBay. Several cyber security experts praised the choice because Schmidt understands technology and has excellent management experience. Schmidt is considered an expert in computer forensics. His 40-year career includes more than three decades in local and federal government, serving as vice chairman of Bush 43’s Critical Infrastructure Protection Board. He also worked for the FBI and the National Drug Intelligence Center.
All indications are that he will be adept at working the complex interagency system that must be navigated to “get things done” in Washington. He is not known to have a big ego and is a consensus builder. This is key, as despite the press efforts to anoint him the “Cyber Czar,” he is not. Staff members on the NSS do not dictate to Cabinet officers how they should run their departments (or spend their money). The lack of clear overarching authority was a major factor in the delay in naming the Coordinator, and so many turn downs over the last few months. Schmidt seems to understand the role and is willing to roll up his sleeves and do the tough work that must be done to work the issues in the Interagency process.
The other event today was the announcement of the FBI investigation into a hack of Citibank by Russian criminals. The Bank has denied they were penetrated, but the signal the story sends provides a superb bookend to the Cyber Coordinator announcement.
The government and civilians remain vulnerable. What happens when it is not just criminals motivated by greed, but terrorists who only want to inflict hardship and pain on our people and systems? If you can hack to steal, could you not also hack and corrupt financial data? Former DNI Mike McConnell sees this scenario as the most likely major cyber danger we face. Other experts (including me), see numerous possibilities for terrorists to “rent” criminal capabilities to weaken, control, circumvent, or destroy parts of our critical infrastructure. Lastly, there is always the threat of a nation state competitor attack. The US is not the dominant power in the cyber realm that we are in other defense domains.
Our government is busy trying to plug our gaps and fill our seams in the cyber world. We are better than we ever have been before, but it still remains insufficient. There is still so much we could and should be doing.
So, let’s all celebrate the naming of a Cyber Coordinator. It is and has been long needed. Please do not declare victory, the war is raging still (ask Citibank), and we need to continue to develop our structures and skills to fight it and win. DHS is continuing to mature its systems and people. DoD has taken great strides forward. Numerous civilian agencies (federal, state, and local) are far more aware of the threat and are beginning to stir. The Private Sector knows it must work hand in glove with the Government to protect itself. The giant seems to be starting to wake. Let’s all hope it continues and quickens it pace; we need it.