Cybersecurity Resignations, "Czar" Vacancy
In a conversation Friday with RSA Vice President Mischel Kwon, the former director of U.S.-CERT expressed some misgivings on how the media reports on the goings and comings of top government cybersecurity officials.
Kwon's resignation this summer as head of the United States Computer Emergency Response Team, part of the Department of Homeland Security, came within days of the departure of Melissa Hathaway - who had conducted the 60-day cybersecurity review for President Obama - from government. In some media reports, their departure - along with the resignation earlier in the year of Rod Beckstrom as director of DHS's National Cybersecurity Center - symbolized the inability of the administration to keep and attract top talent, especially considering the job of White House cybersecurity coordinator remained then and to this day vacant.
Here's what The Washington Post published on Aug. 8 on Kwon's resignation:
"The resignations, although unrelated, point to a larger inability of the federal government to hire, retain and effectively utilize qualified personnel, experts said. Two months after President Obama pledged to 'personally' select someone to be the White House's cybersecurity coordinator, the position remains unfilled."
Kwon thinks those explanations are nonsense:
"We all left for different reasons, and I think that's a pretty broad, sweeping, inaccurate statement. We are all three different individuals who left for different, personal reasons. I don't think group all three of us together is accurate at all."
Indeed, only Beckstrom publicly complained about the lack of support for the organization he led, and he blamed that on the previous administration since Obama had become president only weeks before he quit.
Kwon also pointed out that administration has attracted top cybersecurity experts to government, such as DHS's senior cybersecurity official, Deputy Undersecretary Philip Reitinger, who had been a Microsoft executive.
Likewise, she said, media accounts that the lack of a cybersecurity "czar" suggests the government isn't taking IT security as seriously as it should is wrong.
"I don't want anyone to think that we're not doing anything now; that is totally false. I read that in the paper, it makes me kind of shiver because the long and short of it is that there are a lot of people in these departments and agencies that are working really hard, making good progress, in securing our government networks. Is not appointing a cyber 'czar' a problem? I think it is a press problem at this point."
True, there's been a lot of media coverage of Obama's failure to name a cybersecurity coordinator after nearly seven months and exactly how high up an IT security adviser should be in the White House hierarchy. But the story isn't media hype; many lawmakers and cybersecurity policymakers continue to bring up these subjects.
But Kwon is right about her resignation and those of Beckstrom and Hathaway. They were unrelated, and the decisions to leave government differed. Trying to suggest the administration doesn't have its act together on the recruitment and retention of top cybersecurity experts is way off the mark.
We'll presently post my conversation with Kwon on GovInfoSecurity.com. Please look for it.