Schmidt: A Take-No-Nonsense Cybersecurity "Czar"Obama Names Howard Schmidt as Cybersecurity Coordinator
Howard Schmidt, the information security expert who President Obama tapped Tuesday as his cybersecurity coordinator and who served as a senior cybersecurity adviser in the Bush administration, is characterized as a no-nonsense leader who will take no guff from senior White House advisers in advancing the administration's cybersecurity initiatives.
"Howard is going to surprise a lot of people in Washington," Alan Paller, director of research at the SANS Institute and, who like Schmidt, is one of the nation's leading information security authorities, said in an e-mail message to GovInfoSecurity.com. "He had extraordinary successes as CISO (chief information security officer) at Microsoft - at a time when security wasn't very high on most of the Microsoft officers' priority lists. He has demonstrated that he can forge sufficient support to overcome resistance and get things done."
According to an e-mail message broadcast over the Internet by John Brennan, assistant to the president for homeland security and counterterrorism, Schmidt will have regular access to the president and serve as a key member of his National Security staff. "He also will also work closely with his economic team to ensure that our cybersecurity efforts keep the nation secure and prosperous," Brennan said. Originally, President Obama envisioned the post as reporting to both the national security and national economic councils.
Schmidt, in a video posted on the White House website, said the president had directed him to focus on several priority areas:
- Develop a new, comprehensive cybersecurity strategy;
- Secure American critical information networks;
- Ensure an organized, unified response to future cyber incidents;
- Strengthen public-private partnerships here at home and international partnerships with allies and partners;
- Promote research and development of next generation of technologies; and
- Lead a national campaign to promote cybersecurity awareness and education.
"Because ultimately no one - not government, not the private sector, not individual citizens - can keep us safe and strong alone when it comes to cybersecurity, our vulnerability is shared," Schmidt said. "And, so is our responsibility to ensure that our networks are secure, trustworthy and resilient. So, as I told the president, I'm committed to bring all these stakeholders together around a new, comprehensive cyber strategy that keeps America secure and prosperous."
It appears that one concession made to Schmidt to take the job was that he would report to the president only through National Security Adviser James Jones, and not also to National Security Adviser Lawrence Summers. One reason the job was hard to fill was the original dual-reporting nature of the post, several cybersecurity experts said. "There are just not that many people who have that kind of resume and have the experience within government and within the private sector that is going to be necessary to help really lead both the government and the private sector forward as what is needed for the president," Melissa Hathaway, who led Obama's 60-day cybersecurity policy review, said in an interview with GovInfoSecurity.com.
Paller said Schmidt in the previous administration had been "burnt badly by overzealous White House Council of Economic Advisers staff members, when they emasculated the original draft of the National Strategy to Secure Cyber Space," an experience that should prove to be of great value to the new cybersecurity coordinator. "So," Paller said, "I expect he wouldn't have taken the job without getting some assurance that Larry Summers will not veto any initiatives that ask industry to ensure the security of the products and services they sell or the security of the power and communications networks."
Karen Evans, who worked with Schmidt when she was the Bush administration's de facto federal chief information officer, called the new cybersecurity coordinator an excellent choice because he's a "seasoned veteran of the White House" with extensive knowledge of cybersecurity, critical infrastructure and policymaking. "Howard," Evans said in an e-mail message, "knows how the White House works and he has stayed involved in the federal community."
Evans sees Schmidt's early priorities as ensuring agencies continue following the recommendations found in the administration's 60-day cybersecurity policy review released last spring. "The biggest area will be assisting DHS (Department of Homeland Security) to build out their capacity to provide the incident response services necessary and ensuring agencies are completing their plans as outlined in the Trusted Internet Connection (TIC) initiative," Evans said. The TIC initiative involves sharply reducing the number of access points between the Internet and government systems.
Former Air Force CIO John Gilligan, who's leading the initiative to get organizations to adopt the Consensus Audit Guidelines, says Schmidt has no time to waste. "Howard will need to move quickly to establish a focused set of national priorities," Gilligan said in an e-mail. "He will also want to orchestrate the many government, industry and international efforts toward achievement of measurable progress in improving our cyber infrastructure."
Obama, in outlining his cybersecurity agenda in a White House speech last May, said that he would name a cybersecurity coordinator - a post that doesn't require Senate confirmation - to oversee not only information security initiatives in the federal government, but also among state and local governments and the private sector. He said the adviser would have access to him. However, some supporters of a White House cybersecurity adviser had called for a more senior-level adviser with more direct access to the president
Paller said the biggest initial challenges Schmidt faces is being buried by people who seek to influence him and by accepting too many speaking engagements. "The inescapable demands of those two forces has already damaged the effectiveness of others who take on top cyber roles," Paller said.
Rep. James Langevin, the Rhode Island Democrat who co-chairs the House Cybersecurity Caucus, praised Schmidt's appointment. "Today's appointment should serve as a clear indication to both the public and private sectors of the seriousness and significance of this issue," he said.
Presidential Commitment is Foremost
In an interview with GovInfoSecurity.com this summer, Schmidt said regardless of whom the cybersecurity adviser reports to, what's crucial is that the president makes cybersecurity a national priority, something he says Obama has done.
"We have to make sure that the power of the office of the Executive Office of the President is behind it," Schmidt said in the interview. "So whether it is reporting to the national security adviser, national economic adviser or it is someplace else, as long as it has the ability to do what needs to be done to coordinate across the government agencies.
"If you look now what we have seen across the Department of Homeland Security and Energy and Defense and the FBI, we see a new cadre of highly professional people who are working these issues and have a new mandate, a new lease on life if you would, working it. ... These folks are in place doing what they need to do to make the environment more secure, not only for the government systems, which is rightly important, but also in working with their private sector partnerships."
Since Obama announced his intention of naming a cybersecurity coordinator, Schmidt's name has appeared on nearly every list of a prospective IT security adviser. When asked last August if he would be interested in the job, Schmidt responded: "Well, you know, public service, I think is any thing that any American would like to do. I see it pop up once in a while, and it is one of the things that I think is important to recognize. If ever an opportunity comes to serve our country in some fashion, I sit on some government boards now as an adviser, but I think it is important."
Then asked whether he had talked to the White House about this cybersecurity position, he hesitated a moment, then said: "A lot of people's names come up, and I think there is ... obviously they have got a very important decision to make."
In the field of cybersecurity, Schmidt has done it all.
Schmidt spent more than 30 years in public service, including a stint as the White House special adviser on cyberspace security and as chief strategist for the U.S.-CERT (United States Computer Emergency Response Team) Partners Program at the Department of Homeland Security. He serves on an IT privacy board that advises the National Institute of Standards and Technology, the Commerce Department and White House.
In the private sector, Schmidt has held top IT security posts at Microsoft and eBay. An author of two IT security books, Schmidt has academic affiliations with Georgia Institute of Technology, Carnegie Mellon and Idaho State University.
Schmidt is the first and current president of the Information Security Forum, an independent, not-for-profit association aimed at harnessing the brainpower of public and private-sector experts in IT security and risk management.