'Czar' Prospect on Federal Cybersecurity

What's most important about the job of presidential cybersecurity coordinator isn't whether or not it reports to two bosses or how high on the White House organizational chart it appears or, for that matter, when President Obama will reveal his choice, says cybersecurity sage Howard Schmidt.

"The two key things that we need to worry about here is one, first and foremost, and that is the fact that this is a presidential imperative and the president recognizes that we have to do this right and we just can't go out and sort of fill this for the sake of meeting some particular deadline," Schmidt says, in an interview with GovInfoSecurity.com (transcript below).

Seeing the fundamentals in a situation is a strong characteristic that has placed Schmidt on nearly every list of a prospective White House cybersecurity czar. In the field of IT security, Schmidt has done it all.

He spent more than 30 years in public service, including a stint as a White House special adviser on cyberspace security and as chief strategist for the US-CERT Partners Program at Homeland Security. He serves on an IT privacy board that advises the National Institute of Standards and Technology, the Commerce Department and White House.

In the private sector, Schmidt has held top IT security posts at Microsoft and eBay. An author of two IT security books, Schmidt has academic affiliations with Georgia Institute of Technology, Carnegie Mellon and Idaho State University.

Schmidt is the first and current president of the Information Security Forum, an independent, not-for-profit association aimed harnessing the brainpower of public and private-sector experts in IT security and risk management.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

In an interview with GovInfoSecurity.com's Eric Chabrow, Schmidt discusses the:

Eric Chabrow, GovInfoSecurity.com managing editor, interviewed Schmidt.

ERIC CHABROW: What are the greatest challenges the federal government faces in developing an IT security culture?

HOWARD SCHMIDT: There are a few things. One, we have come to take the IT systems that we use almost for granted in the fact that they are always going to be there, that there is always somebody else looking after not only maintaining them, but more importantly for our topic, the security of them. And, as we have seen over the years as personal computers become even more of a computer, it is a shared responsibility between those that are providing the services and those of us who are using the service to make sure that not only are we using it to its fullest capabilities, which is just absolutely wonderful, but also to make sure that they are secure.

As we have gone through the years, we focused more on the rich and robustness and the great technology it brings us and sort of not put as much forward as we needed to the risks that are out there and more importantly how one could really do things themselves to mitigate those risks.

CHABROW: What should the government do to get the people who use these systems to do what should be done?

SCHMIDT: There are a few things. It is just like any other organization, whether it is government or private sector; it has got to be part of the culture of the organization. It has got to come from all levels of the organizations.

For too many years, we have heard the security people talking about we need to do this better, we need to do more security, we need to use antivirus, we need to use anti-spyware, and sort of the litany of technologies that one would use to help protect a system but not necessarily protect the overall environment.

What we have seen over the past few years is where you have the highest levels of an organization say not only do we get tremendous benefit from these IT systems that we are using, but we also see tremendous risk out there and as a consequence as a part of the corporate culture, as part of the way we do business, we have to look after the issues around risk management, about security, about the technology security, about the information we put on these systems, how we handle those systems, what we do with the data, which is also important, and it comes from the top down. What happens is it becomes part of something that people recognize as part of the things that they need to worry about as well and also can receive the benefits from.