In Silence, Cybersecurity Action - Interview with Jim Flyzk, former Treasury CIO
In the trenches where agency chief information officers and chief information security officers hold fort, a bit of anxiety can be sensed as they await President Obama's appointment of his cybersecurity adviser.
"There is also some anxiety around what this might mean in terms of who is in charge and what will be the additional work and responsibilities mandated," says Jim Flyzk, the former Treasury CIO and White House IT advisor on homeland security, says in an interview with the Information Security Media Group. "CIOs are always concerned about mandates coming from the OMB or the White House or whatever. If there is a mandate, I am sure they will be concerned about whether or not there is funding behind it." (Read the transcript of the interview below.)
Despite some unease, Flyzk says, CIOs and especially CISOs are heartened by Obama's commitment to IT security. "The fact that cybersecurity is now getting so much priority attention ... is something that they have been trying to attain for a long, long time," he says. "They have kind of been seen as the sky-is-falling people in the past, talking about all these issues. People would listen but no one would take action, so I think now they are excited that maybe we will see some action being taken."
Flyzk, if anything, is as well connected as anyone in Washington's government IT community. He spent 27 years in government, most notably as chief information officer of the Treasury Department and White House IT advisor on homeland security. Today, he heads his own consultancy, The Jim Flyzk Group, and hosts a monthly radio program, The Federal Executive Forum, on a local Washington radio station.
Flyzk spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.
ERIC CHABROW: President Obama made the big splash a few weeks ago announcing a cybersecurity policy, but there's been a lot of silence since then from the White House. What's going on?
JIM FLYZIK: The agencies are all in the planning process, they are all looking at what they are going to need to do and activity going on. I know the industry, the integrators and the companies that are involved in the security space; they are all putting together their value propositions and their business cases and so forth.
There is a lot of anticipation of other business opportunities coming in this cybersecurity space. I There are still folks waiting for the announcement of who will be the so called cybersecurity czar; who is going to fill that job.
People are waiting to see how it will be finally organized and structured and where will the relative responsibilities exist between the intelligence community, National Security Agency, the White House, and the Department of Homeland Security. There are still a lot of questions that are buzzing around town, and until those questions are answered, people are more in the planning mode as opposed to the actual doing mode.
CHABROW: What would be some of those questions?
FLYZIK: The questions I think are who is the cyber czar and what will be the relative responsibilities of the various entities that are involved in this, being the Director of National Intelligence, the NSA, the Department of Homeland Security, the White House itself, other agencies around town, what about NIST and Standards, what about GSA and government-wide programs such as the trusted internet connections?
There is a governance issue that still is not clear. People are anticipating that once this individual (is named) ... it will sort of be the spark that fuels the fire to get the process moving a lot faster.
CHABROW: Is one of the delays perhaps the debates going on in the White House about how senior of official this cybersecurity coordinator should be?
FLYZIK: There is a lot of talk about how close will this person be to the president and the chains of command. You know they are talking about the National Security Council as well as the National Economic Council in the White House will both play roles.
Yes, I think there is some question about the authority of this person and whether the person will actually have the ear of the president. I think the President in his speech said that yes, this person will have my backing and I will be there, but people are waiting to see exactly how that plays out.
CHABROW: Could there be some kind of negotiation with a potential candidate in accepting a job based on senior ranking that person is?
FLYZIK: If somebody is currently a marquee name in the cybersecurity industry I think that individual would have some expectation of very high visibility position and access to the president. If you want to go for like a big marquee name and a well known player, they are clearly not going to be as excited the job is seen as being very well down in the bureaucracy.