5 Government Cybersecurity Challenges in 2010Part 1: Cybersecurity Coordinator: Now What?
In 2009, President Obama promised to (and late in the year eventually did) name a White House cybersecurity coordinator, Homeland Security Secretary Janet Napolitano promised to begin hiring 1,000 new IT security pros, Sen. Tom Carper promised a new law to reform the Federal Information Security Management Act, Federal Chief Information Officer Vivek Kundra promised to get the federal government actively involved in secure cloud computing and NIST Director Patrick Gallagher promised to evaluate whether to restructure the agency.
Will 2010 be the year these promises become reality?
As Congress returns to Washington for the second session of the 111th Congress, GovInfoSecurity.com this week will present the top five cybersecurity challenges - one each weekday - the federal government will face in 2010:
- Monday: Cybersecurity Coordinator: Now What?
- Tuesday: Recruiting a Cybersecurity Workforce
- Wednesday: FISMA Reform or Not
- Thursday: Securing the Cloud
- Friday: NIST's Growing Influence
Taking seven months to name a White House cybersecurity coordinator was the easy part. Now the tough work begins as Howard Schmidt takes the lead in implementing President Obama's cybersecurity initiatives. It could prove to be among the toughest and thankless jobs in government.
When Obama tapped Schmidt a few days before Christmas, the president directed his cybersecurity coordinator to develop a new, comprehensive cybersecurity strategy.
"God knows, we need one," said James Lewis, senior fellow at the public policy group Center for Strategic and International Studies and project leader of its Commission on Cybersecurity for the 44th Presidency, which issued a report that served as a blueprint for the White House's cyberspace review. "The old one was dreadful and it hasn't gotten any better, but the issue that we are going to face as a nation is that we have got a new global infrastructure that we are dependent on and we haven't figured out a good way to have the government deal with it and normally what we would do is create some kind of new office, department, agency to look at this."
Among other priorities Obama asked Schmidt to tackle:
- Secure American critical information networks;
- Ensure an organized, unified response to future cyber incidents;
- Strengthen public-private partnerships here at home and international partnerships with allies and partners;
- Promote research and development of next generation of technologies; and
- Lead a national campaign to promote cybersecurity awareness and education.
Schmidt recognizes his role as a coordinator, and said fulfilling the president's goals must be a team effort. "Because ultimately no one - not government, not the private sector, not individual citizens - can keep us safe and strong alone when it comes to cybersecurity, our vulnerability is shared," Schmidt said in accepting the job. "And so is our responsibility to ensure that our networks are secure, trustworthy and resilient. So, as I told the president, I'm committed to bring all these stakeholders together around a new, comprehensive cyber strategy that keeps America secure and prosperous."
The biggest hullabaloo surrounding the White House cybersecurity adviser in 2009 - besides who would be named to the job - was its position within the White House. Schmidt reports through the National Security Council and Deputy National Security Adviser John Brennan, the NSC's No. 2 leader.
But the CSIS Commission recommended -- and some lawmakers propose -- giving the job more muscle through the creation of a White House Office of Cyberspace. Sen. Jay Rockefeller said the bill he's cosponsoring with Sen. Olympia Snowe would have the cybersecurity adviser report directly to the president.
Others lawmakers say they'd like to assess the situation after the cybersecurity coordinator has been in his job for a period of time. "It's sort of putting the cart before the horse, basically trying to legislate in a vacuum, and I don't know that that's the most productive way of determining what's in our best interest at this stage," said Rep. Yvette Clarke who chairs a House subcommittee with infosec oversight.
- Grading Obama's First-Year Cybersecurity Performance
- Howard Schmidt: A Take-No-Nonsense Cybersecurity "Czar"
- No Cybersecurity "Czar," No Big Deal
- Obama's Failure to Tap Czar Criticized
- Why No Cybersecurity "Czar," Yet
- Rockefeller: Congress Failing on Cybersecurity
- Rep. Clarke: Slowdown on "Czar" Bills
- Collins: Put Cyber "Czar" in DHS
- Lieberman Seeks to Codify Cyber "Czar"