Senator Gives White House 'Incomplete' on Cybersecurity Performance
The frustration some lawmakers have with the White House's reluctance to have Schmidt testify has led to provisions in several cybersecurity bills to create a White House Office of Cyberspace, with its Senate-confirmed director at the beck and call of Congress.
Still, one of the Senate's key leaders on cybersecurity matters, Sen. Tom Carper, sides with President Obama on not having Schmidt testify. Carper is a former governor, an experience few of his senatorial colleagues share, and his experience for eight years as the Democratic chief executive of Delaware gives him insight into Obama's thinking.
"When I used to be governor, I was happy for the legislature to call in the department secretaries or commission directors and folks like that," Carper said in an interview with GovInfoSecurity.com (transcript below).
Though Carper's closest advisers would occasionally privately brief lawmakers on key issues - as Schmidt has done - they didn't have to testify. "If we start saying to everybody who's in the president's inner circle that gives him advice that you've got to be compelled to come before committees or subcommittees to testify, I think that really has a chilling effect on their ability to give the president the honest, open advice that he or she needs," Carper says.
In the first of a two-part interview with GovInfoSecurity.com's Eric Chabrow, Carper also:
- Graded the Obama administration's performance on cybersecurity and
- Assessed the overall state of IT security in the government.
In part two of the interview, Carper analyzed prospects of significant cybersecurity legislation passing Congress this year.
Carper chairs the Senate Homeland Security and Governmental Affairs Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security. He also is the chief sponsor of a bill to update the Federal Information Security Management Act, the law that governs IT security compliance in the federal government.
In an early 2009 interview with GovInfoSecurity.com, Carper detailed the approach he believes the government should take to defend its digital assets, including reform of FISMA.
ERIC CHABROW: Since the beginning of the current Congress in January 2009, are the federal systems any more or less secure?
SEN. TOM CARPER: I think some are. The Department of State has done an especially good job (and) maybe the Army, part of the Army. NASA has done above and beyond what is required of them. They have moved toward a more advanced defensive posture, which looks at threats on what I would call almost a 24/7 basis. This type of approach is really different than what the Office of Management and Budget has traditionally required, which is pretty much once a month or take a look around at your cybersecurity threats, or maybe even once a year. But, the threats that are coming over the ramparts that are under federal agencies, people trying to hack in, they change their tactics, they don't use the same approach year after year.
Imagine if you have a big fence in your back yard, and you're trying to keep bad guys out. For example, once a year, we went out and we used a camera and took a picture of any kinds of holes or places where people would try to poke in and get into our backyard. Then, we came back the next year and took a photo again and we fixed those holes. That's pretty much the way we have operated in the past. What we really need to do is, if I can use that analogy, is to use a video camera, and just see who is trying to poke into our fence in our backyard to get our valuables and steal our sensitive information. We should have a video camera. We should be doing it 24/7, and as soon as we identify a place where somebody has penetrated our defenses, we should fix that, we should repair it and learn from that experience. We're moving toward that 24/7 basis with really a rapid response. And again, the agencies, including the State Department, Army and NASA are doing an especially good job. We are holding them out as role models.
CHABROW: What grade would you give the Obama administration in securing IT?
CARPER: Maybe an incomplete would be the right answer. It's something they focused on a fair amount, certainly more than any other administration. They're trying to do something about it, OMB has gotten into the act, big time.
One of the things they're doing - and they're working with us in the Congress as we've tried to develop legislation - and the administration, to their credit, looked at the legislation that we have developed and they have gone, actually, beyond what OMB previously required. So, I'd give them an incomplete, but they're putting it in the right direction.
This is, as you know, serious matters, it's not just kids trying to hack into the database at their college or their high school and trying to change their grades. This is bad people trying to steal out of our banks, our financial institutions, our money. They're trying to steal our identity, trying to steal classified secrets, like we had people hack in from other countries, trying to hack in and steal plans for the S-35 aircraft that we are developing a joint strike fighter. We had people hacking in to steal plans for our advanced radar system. This is serious stuff. And the administration realizes that, I think, we're on the right track. We've got ... plenty of work still to do.
CHABROW: The White House has been reluctant to send Howard Schmidt to testify before your subcommittee and other congressional panels. Instead, the administration tends to offer up the senior officials from the Department of Homeland Security to testify. Have you met privately with Howard Schmidt? And if so, what were the circumstances of those meetings?
CARPER: We did. I met with him several months ago. It was a good session. He is aware of the magnitude of the problem, and very much determined to be a part of that solution.
I don't blame the president; I used to be governor, I was happy for the legislature to call in the department secretaries or commission directors and folks like that, but the people who were my closest advisers within the governor's office, they didn't have to go testify before the legislature, and from time to time they would brief the legislature, but they're there to give me advice. If we start saying to everybody who's in the president's inner circle that gives him advice that you've got to be compelled to come before committees or subcommittees to testify, I think that really has a chilling effect on their ability to give the president the honest, open advice that he or she needs.
CHABROW: Do you think Howard Schmidt is doing a good job?
CARPER: I think he's doing okay. I'm not really in a position to give him an evaluation, an A, B, C or D, I don't know. The administration as a whole is taking seriously the challenges that we face. For example, one of the things that we need to be doing is a better job upfront in making sure when we use our purchasing power, when we're buying technology that we buy something with defense already built in. To make sure that we do a better job of training people to protect our secrets, our classified materials.
It's almost like, I use a car analogy, my boys are 20 and 22, but when they were going through the age when they were starting to be old enough to drive, we wouldn't send them out in a car that had no seatbelts, no antilock brakes. We do all those things, and if we can buy equipment, and it has already the security features built in, and if we can train our people on how to use those security features and actually how to strengthen them, we should do that. The administration gets that, and I think we're on the right course.