Melissa Hathaway's Advice to Howard Schmidt
Few people understand the challenges Howard Schmidt faces in his new job as White House cybersecurity coordinator than Melissa Hathaway.
Hathaway served as the White House acting senior director of cyberspace. Last February, President Obama asked Hathaway to conduct the administration's 60-day Cyberspace Policy Review, making her intimately familiar with federal government cybersecurity policies and processes. The review led to the creation of the cybersecurity coordinator post.
I e-mailed Hathaway, asking her what she thought of the Schmidt appointment. Here's her response:
"Howard has a good mix of public and private sector experience. He has a challenging job ahead of him and is facing an urgent situation that needs strong leadership."
And, what are his initial challenges? She said they fall into two categories: general and first quarter. Here's what she wrote:
1. He must build relationships across a wide community: across the executive branch, in Congress, in the White House, with our allies. He also must build new relationships with the private sector. He needs to be seen as a coach, catalyst and 'connector' and not be perceived as a czar or dictator.
2. He will need to communicate often and be transparent. He will need to explain what the situation is and how we are going to address it as a nation. I think that the White House blog is one way to communicate, but in order to reach many more, he will need to speak publicly.
3. He will need to learn the core missions and capabilities of the departments and agencies. They have matured and their missions have changed since the last time he served in the government.
Perhaps the best lens he could have into the "current-state-of play" would be to visit the six joint centers of excellence to understand how the agencies are partnering and trying to address the problem. These centers are: Joint Task Force for Global Network Operations, Defense Cyber Crimes Center, National Threat Operations Center, U.S. Computer Emergency Response Center, Intelligence Community-Incident Response Center and the National Cyber Investigative Joint Task Force.
1. Know what progress has been made against the top 25 recommendations in the Cyberspace Policy Review. Understand the shortfalls and clearly advocate and demand for progress in the near term.
2. Know the critical path programs of the Comprehensive National Cybersecurity Initiative (CNCI) and help the departments and agencies advocate for the funding in the fiscal year 2011 (which begins Oct. 1, 2010) request before congress. This was one of the most important years for momentum in the CNCI as far as building capabilities and putting departments and agencies on stable footing.
3. Know the legislative landscape. By my last count, there were 36 pieces of legislation ranging from organizational responsibility, to addressing data breaches and loss of information, to international collaboration and efforts to prevent cybercrime. It will be very important to present a unified view of what is needed from our legislature--as I believe new laws are needed.
Schmidt's job will not be easy, but one asset he has, according to Hathaway, is a strong White House staff:
"They have the corporate knowledge of the Cyberspace Policy Review as well as the evolution of CNCI. He has an extremely tough job ahead of him and I wish him success."