Kundra Vs. Schmidt
|Follow GovInfoSecurity.com on Twitter|
The seven-month buildup leading to Schmidt's appointment in December created an aura of influence and power surrounding the position to the point that the job was regularly referred to as "cybersecurity czar," a term pooh-poohed by the Obama administration. Lost in the hubbub during the lengthy wait for the cybersecurity coordinator's appointment was the critical cybersecurity role the federal CIO performs.
If money equals influence, then its Kundra, hands down, is who holds the power on federal cybersecurity matters. Kundra's official title is administrator for e-government and information technology in the Office of Management and Budget, the White House unit that decides how federal money will be divvied up among departments and agencies, including funding for cybersecurity initiatives. OMB also oversees departmental and agency implementation of the Federal Information Security Management Act, the eight-year-old law that defines government IT security compliance.
Schmidt, on the other hand, has no statutory authority on how federal cybersecurity money should be spent or what rules must be followed. President Obama didn't hire Schmidt to determine cybersecurity spending, but to develop a comprehensive cybersecurity strategy, secure America's critical information networks and lead a national campaign to promote cybersecurity awareness and education, among other tasks. And if Obama is a man of his word, Schmidt will have the president's ear.
In fact, no law defines Schmidt's job. That's something many lawmakers would like to change. Some in Congress want to elevate the cybersecurity adviser's post within the Executive Office of the President and grant that person authority over government cybersecurity spending. They feel cybersecurity can be best managed in the federal government through a White House Office of Cyberspace or Cybersecurity, a position endorsed by the bipartisan Commission on Cybersecurity for the 44th Presidency. Indeed, one observation heard in the Capitol about OMB is that its strength is in the "B" - budget - and not in the "M" - management, especially in regards to its cybersecurity oversight duties.
Obama has neither asked for nor endorsed the idea of elevating the cybersecurity coordinator's post or its authority over cybersecurity spending. And legislation to do just that hasn't gone very far in Congress.
And, there are other cybersecurity power centers in the federal government beyond the White House: the National Security Agency and the Department of Homeland Security.
In reality, there's no battle between Kundra and Schmidt over who in the Executive Office of the President is in charge of government cybersecurity. In his only public speech since becoming cybersecurity coordinator given Jan. 27, a week after he started his new job, Schmidt spoke warmly of Kundra and federal Chief Technology Office Aneesh Chopra.
"One of the things that I was tremendously impressed from the first time I met with both of them individually is that the discussion was not about security: 'You guys are just a problem for us; we need to grow our technology at all costs.' It was very deliberate, very sincere, in saying, 'Yes, all three of us love the technology, but the technology needs to move forward being more secure, better technology in protecting our privacy.' And that is how the three of us are going to work."
Kundra's responsibilities go well beyond cybersecurity to managing federal government IT. Still, he's a key player in cybersecurity matters, especially considering his initiative to get widespread government adoption of cloud computing, a technology that presents many IT security challenges.
And for Schmidt, it's not the control over how cybersecurity money will be spent that will determine his influence, but how he exploits his stature as a IT security guru and White House official, his all-encompassing knowledge of cybersecurity and his engaging persona to succeed at the daunting tasks to get people in and out of government to work together to protect our IT systems and networks.