The Inevitable IT Security Breach
2 Studies Show Why War Logs Leak Wasn't a Surprise…
The White House isn't saying much about why it's taking so long to name a cybersecurity adviser or comment about the exit of two senior cybersecurity experts from the administration. Others, though, aren't shy about sharing their opinions on these matters that have captured headlines in the past few weeks.
GovInfoSecurity.com queried some leading experts in government and cybersecurity to get their take on two matters: the continuing vacancy of a White House cybersecurity coordinator, a position President Obama outlined in a late May address on cybersecurity, and the departures from government of Melissa Hathaway, White House acting senior director of cyberspace who conducted the "60-day" review of federal cybersecurity posture, and Mischel Kwon, director of U.S.-CERT, the Department of Homeland Security unit that coordinates public- and private-sector response to cyber attacks.
The experts, who responded to our questions by e-mail, include Ray Bjorkland, senior vice president and chief knowledge officer at FedSources, a government IT advisory firm; Greg Garcia, former assistant secretary for cybersecurity at the Department of Homeland Security; Eugene Spafford, a professor of computer science at Purdue University and a leading IT security expert who has testified before Congress; and Thomas Stanton, a fellow at the Center for the Study of American Government at Johns Hopkins University who has written about cybersecurity.
Is President Obama's delay in naming a White House cybersecurity coordinator having any significant adverse effect on the way the federal government secures federal IT assets and the nation's critical IT infrastructure?
Bjorkland: When key leadership positions go unfilled, there is almost always some adverse effect, usually resulting in inaction. But U.S. cybersecurity is not a new initiative. Our military and civilian agencies are pretty good at it. What's missing is coherent coordination of the many federal thrusts, coordination that could result in a more efficient (economical) defense or an even more effective cyber posture.
Garcia: Clearly, there's ample anticipation about who will come in and start the process of coordinating government decision making in cybersecurity. While this slows momentum palpably, at an operational level there shouldn't be any problems in executing day-to-day monitoring and incident response in its current form. But certainly a number of broader policy and budget decisions will be on hold until they get through this period of suspended animation.
Spafford: I don't see it as having a specific adverse effect. I am unaware of any major projects or initiatives on hold until someone is appointed. I see many things being done by different agencies, acting independently. And, I also know Congress has been looking into this area and is moving ahead. Having a coordinator in place might simply make things better.
Stanton: The appointment of a cybersecurity coordinator is an essential first step in developing and implementing a realistic and effective cybersecurity plan, both for the government and for the private sector. Given the growing threat of cyberattacks, delay in developing and implementing a workable plan is very serious. It is serious, not only because we should be building protection more rapidly, but also for what it shows about the difficulty of filling this position and getting the job done.
As the president proposed, the cybersecurity coordinator would report to the National Security Council and the National Economic Council. Is that a good idea?
Garcia: How many bosses with differing -- and sometimes conflicting -- mission objectives would you want?
Stanton: The problem of cyber defense is a problem of management and resources. The big question is not to whom the cyber coordinator reports, but rather what capacity that person has to get the job done.
Spafford: Cybersecurity is an issue of national security. It is also an issue of national economics. But it is also an issue of crime, education, efficiency, trade, international relations and a number of other areas. It is not a minor problem that is part of something else -- it is a full-fledged, difficult, cross-cutting set of issues. If it is going to be addressed in the appropriate way, it should be treated as a first-class problem area.