Future of Federal Cybersecurity, Part 2: Interview with Harry Raduege, Co-Chair of the Commission on Cybersecurity for the 44th Presidency
In the first part of the interview we discussed how the panel's findings, if adopted, would help secure federal government IT. As we continued our chat, we explored the balance between using new technologies and securing IT.
ERIC CHABROW: You've been a long-time practitioner of managing IT in government at the Defense Department and recently there have been new technologies that have been restrained, flash drives, even the use of Blackberries for the president and other key members. Is it your feeling that there are solutions to secure all of these types of technologies as the government adopts these new technologies with proper assurances?
HARRY RADUEGE: Yes. Of course, with security comes the fact that certain people won't be able to have access to the information. So, it is a real careful balance. We obviously want to share information more; we want to allow collaboration; we want to allow transparency in our actions. So there, you want to open up information to all those who are authorized or you want to have see that information.
So, it's a delicate balance between the securing of information and making information available and that is what makes the job of the chief information officer and the chief security officer and the chief privacy officer so difficult, is to make sure that you have that proper balance between those things that you do not want to share with everyone and that you want to keep private and secure, versus those things that make us more transparent as a society and allow us to perform our jobs more effectively and efficiently.
ERIC CHABROW: Responsibility for information security within each agency and department is something that I don't think is formalized. If I recall, the Commission did request or suggest that there is some kind of formalization of that within the agencies?
LT. GEN. RADUEGE: Yes. You know, when you think about the Clinger-Cohen Act, and more formally known as the Information Technology Management and Reform Act of 1996. That Act required federal activities to appoint chief information officers, and also required certain responsibilities for that chief information officer in information management and information assurance and information technology and acquisition and information security, and an important part of the act was that that federal CIO appointed in each agency was to report directly to the agency head and if you take a look around various departments and agencies that is not true today.
In some cases, the chief information officer reports directly to the agency head, but in other cases the chief information officer is at a lower point in the organization. We recommended that that act, which was legislated 12 years ago now, be carefully looked at again and those standards be applied across our federal government, and I think there we will have better standardization and emphasis on the all-important areas that are involved with the chief information officer's job.
ERIC CHABROW: How about the ideas of requiring a chief information security officer for each agency, and if so, who should that person report to?
LT. GEN. RADUEGE: The information security, I believe, in many organizations is a sub-element of the chief information officer because the information officer would have the responsibility for information management, information security, the purchasing of equipment; in other words, building the infrastructure, would be responsible for training the individuals and so the chief information security officer would be the all-important component of the chief information officer's responsibilities.
And, of course, then looking at the Clinger-Cohen Act of 1996 with the chief information officer reporting directly to the agency head, that sort of implies that chief information security officer would work for the chief information officer.
ERIC CHABROW: You know, one of the things that you talked about is the chief information officer's responsibilities is in purchasing, and I believe the commission report suggests that the federal government can use this financial muscle to improve cybersecurity. How hard would it be to do that?
LT. GEN. RADUEGE: I think that we really can use our financial muscle. Where we suggested that our national Office of Cyberspace and the federal CIO Council, working with industry to implement security guidelines for IT product procurement, and that way we would develop and incorporate standard security guidelines, settings, specifications into government-wide contracting strategies. And, implementing these guidelines as standards through appropriate policy standards organizations, I think we could actually improve our acquisition rules and in effect improve our overall cybersecurity.
ERIC CHABROW: What questions should I have asked you and I didn't?
LT. GEN. RADUEGE: (Chuckle) Well, that is actually a very good question. Maybe, how I see the Cybersecurity Commission report being accepted today and maybe the future of the Cybersecurity commission.
Right now, we have actually gotten very good feedback from what we have accomplished with our Cybersecurity Commission report. Whenever you serve on a commission, you don't know how your findings are going to be judged, but we seem to be getting very good feedback from those people who are working on these things on a daily basis; so that has been very encouraging.
I also take a look at the areas of President Obama's technology plan, goals and all that he has been putting forth, and it seems like a number of the things that our Commission report recommended, sitting with the way President Obama sees the new administration moving in the future.
And, I would also note that it appears that our Cybersecurity Commission, because of the popularity of our report and vital nature of the tasks that we have taken on, we find that our Commission may be moving into a phase two; in other words, we'll hold the members together because there is a number of areas that we have already identified that perhaps we can have a positive impact on helping the organizations and the new administration with some of the things that we have recommended and some of the things yet to be studied and improved upon.
So, I see a continuance of the fact that we could build a national community of experts to engage in a number of new areas for the study. Of course, with our goal being to fulfill the vision that we have of our Commission to secure cyberspace, while adhering to the bipartisan and independent principles that guided our report. In those areas, we hope that the Commission moving into phase two can continue to be helpful.
ERIC CHABROW: Now, you mentioned that there are a number of areas where you identified that you have a positive impact in helping, what are some of those areas?
LT. GEN. RADUEGE: Some of our recommendations already seem to be recognized. For example, the cyberspace advisor to the president, I believe, is being looked at. We have been reading about that in the news, and then with the fact that Melissa Hathaway has been initially appointed to conduct this special cybersecurity survey and assessment of where we stand, that I think is very encouraging to us on the Commission that this was something that we felt needed to be done, at least at the minimum to assess where we are and the fact that we would have an advisor that would be working directly for the president and advising the president.
I think some of the other areas that I am feeling encouraged about is a new level of the administration and government in whole partnering with the private sector more. And, of course, we advised creating three new groups of activities that would be involved with the cybersecurity discussions and where we could build public/private trust. It is all about who do you trust in this business, and it is very important that we build a strong trust between the private and the public sector of our government. And, I believe that can be improved upon and I am hearing good vibrations that that was a key element of our report and something that needs to be acted upon in a positive fashion. We are getting good response thus far, back in those areas.
I think another area of our report is the education awareness piece, and we are already seeing early in this administration the fact that cyberspace and cybersecurity are being discussed, talked about and emphasized more and more. So, that is another one of the areas that we feel very encouraged that our report has brought a national level of attention to this critical area.
ERIC CHABROW: Anything else you would like to add?
LT. GEN. RADUEGE: We certainly are involved in an era now of what we would probably refer to as economic espionage. We have daily loss and damage that is going on in the area of cyberspace. Literally there're truckloads of intellectual property that has cost the American taxpayer and American businesses trillions of dollars to create.
I think, if we all saw a truck pulled out next to our office buildings and our homes on a daily basis loading documents from our safes and from our financial files, we would be very, very concerned. But in effect, that is what is happening in the world of cyberspace and we definitely need to put a stop to that and create the better controls for securing our nation and securing our future.
ERIC CHABROW: Thank you very much, General. I appreciate the time you spent and I hope we can talk again.
LT. GEN. RADUEGE: Okay, great. Thank you very much, Eric.
ERIC CHABROW: That's retired Air Force Lt. Gen. Harry Raduege, co-chair of the Commission on Cybersecurity for the 44th Presidency. I'm Eric Chabrow of govinfosecurity.com. Thanks for listening.