Home > Security News > White House cybersecurity czar faces major hurdles
Security News:
EMAIL THIS

White House cybersecurity czar faces major hurdles

By Robert Westervelt, News Editor
26 May 2009 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

A new White House cybersecurity czar will face a number of major obstacles, the least of which will be to coordinate the security of federal agency systems on a massive scale, according to security experts and former government officials tasked with heading federal cybersecurity efforts. While the position could reduce interagency squabbles over control, it also has the potential to get bogged down in red tape and bureaucracy.
SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The White House is expected to announce the creation of a cyberczar position that will focus on protecting the nation's critical networks from cyberattacks.

The position could be announced as early as this week, according to The Washington Post. It would be the first of its kind at the White House level and could have broad authority over cybersecurity matters and would maintain extensive oversight of federal agencies to harden their networks from outside attack.

Citing senior White House sources, The Post reported the new position would be a member of the National Security Council and would report to the national security adviser as well as the senior White House economic adviser.

If the new position is given a seat in the National Security Council it could hold some clout, but if it has no budgetary authority it would lack the ability to force any major security improvements, said noted security expert Bruce Schneier, chief security technology officer of BT.

"People in this country who have budgetary authority loathe to give it up," Schneier said. "Unless they actually control some purse strings, all they can do is beg, plead, cajole and evangelize; they can't actually get anything done."

Michael Markulec, chief operating officer at network security vendor Lumeta Corp., said the new position must have enough authority to manage the interagency battles for control that have been ongoing at the federal level.
SearchSecurity.com:
Cybersecurity's profile rising under Obama: The Obama Administration is conducting a review of the government's cybersecurity policies and process.

White House cybersecurity advisor calls for public-private cooperation: Melissa Hathaway delivered precious few details about her 60-day review of the country's cybersecurity policies and structures during her RSA Conference keynote.

NSA does not want to run cybersecurity, director says: Instead, Lt. General Keith B. Alexander pushed for a collaborative effort among the intelligence communities, government and private industry to secure cyberspace.

Senators hear call for federal cybersecurity restructuring: Congress is mulling over whether to give more authority on cybersecurity issues to the Department of Homeland Security or create a new office within the White House.

"I'm concerned that such a position, a so called cyberczar, will wind up like most of the other czar positions that we've created in the government; somebody that is responsible for policy, but not implementation," Markulec said.

Markulec, who is an expert on industrial control systems security has provided information related to the CSIS report "Securing Cyberspace for the 44th Presidency." He has been in favor of giving authority over cybersecurity to the Director of National Intelligence. Markulec said a new cyber czar would need to review current policy and practice, evaluate what makes up the nation's networks and coordinate efforts to reach out to the private sector for expertise.

"We're adding things like physical security devices and control systems," Markulec said. "I think there are organizations, especially in the financial services community, that have gotten this right and the government can learn a lot from them."

Even with the help of the private sector, the new post will have a number of bureaucratic problems to overcome, said Amit Yoran, a former top Department of Homeland Security cybersecurity official, now CEO of NetWitness Corp. Yoran said his position at DHS was consistently bogged down in a number of administrative problems that continue to plague the agency today.

Yoran said the person appointed to the new cyberczar position also might seek some modifications to the Comprehensive National Cybersecurity Initiative (CNCI), reviewing it to determine what is working. The $40 billion classified plan has 12 components, including the Trusted Internet Connections (TIC) program, to trim the number of federal network connections and the Einstein system, a network-monitoring tool used by DHS to monitor and analyze traffic moving through federal networks.

"The programs themselves at their base are well intentioned and well designed," Yoran said. "But a lot of the fundamentals of the program that carry into the new administration come with some challenges; the over-classification of the CNCI activities as a whole, relying on the intelligence community for so much of the CNCI activities will remain a challenge."

The new czar position will also have to iron out differences and get agencies with different goals at the same table, Yoran said.
SearchSecurity radio:

"This is not a challenge that can be addressed by any department or agency," Yoran said. "It really needs the White House orchestration for this to be successful."

The person selected for the new position should also resist the temptation to micromanage agencies, said Gregory Garcia, the former assistant secretary for cyber-security and telecommunications under the DHS, who currently heads his own consulting firm, Garcia Strategies LLC. Garcia said there is a need for a new White House cyber czar to guide Congress in enacting better legislation.

"There is not a systematic or comprehensive effort to identify what is it really that Congress can do; what really are the gaps that Congress can fill with legislation that is going to push our marketplace, push our governments to be more secure," Garcia said. "So the White House can do a lot to push the Congress to show some discipline in the manner in which it approaches this issue."

The cyberczar announcement is expected to coincide with a report issued by Melissa Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils. Hathaway led a team that conducted a 60-day review of the country's cybersecurity policies and infrastructure. She was a keynote speaker in April at the 2009 RSA Conference, but released few details of the cybersecurity review. The security community has pegged Hathaway as a natural candidate for a national cyber advisor position that would oversee U.S. cybersecurity efforts both domestically and internationally.

The report was delivered to President Barack Obama in April and identifies more than 250 recommendations. The review touches on every facet of government networks, including computer network defense, investigations, military and intelligence activities, and how those intersect with information assurance, counterintelligence, counterterrorism, telecommunications policies and general critical infrastructure protection.

Tags: Emerging Information Security ThreatsFISMAInformation Security Policies, Procedures and GuidelinesIdentity Theft and Data Security BreachesVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Emerging Information Security Threats
Cybercrime and threat management
The Pipe Dream of No More Free Bugs
Face-off: Who should be in charge of cybersecurity?
Federal efforts to secure cyberinfrastrucure
Adobe working on patch to correct new zero-day flaw
Security Squad: Federal cybersecurity defenses
Cyberwarfare, targeted attacks pose increasing infosec threat
Senators hear call for federal cybersecurity restructuring
New Conficker variant has ties to Storm botnet
Experts alarmed over U.S. electrical grid penetration

FISMA
Feds should get private sector advice on cybersecurity
ICE Act would create White House cybersecurity post
Experts alarmed over U.S. electrical grid penetration
Group identifies top 20 security controls to thwart cyberattacks
FISMA compliance made easier with OpenFISMA
Learn from NIST: Best practices in security program management
What criteria should I look for in a service provider to help my government agency comply with FISMA?
At RSA, feds seek help to close widening cybersecurity gaps
House legislators rip Bush's Cyber Initiative plan
Industry group uses awareness month to lobby for data breach laws
FISMA Research

Information Security Policies, Procedures and Guidelines
How to align an information security framework to your business model
Making the case for network security configuration management
Ease the compliance burden with automation
Face-off: Who should be in charge of cybersecurity?
Cybersecurity Act of 2009: Power grab, or necessary step?
PCI DSS: The structure of a standard
PCI DSS: Best practices for compliance
Federal efforts to secure cyberinfrastrucure
ICE Act would create White House cybersecurity post
White House cybersecurity advisor calls for public-private cooperation

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
DNS rebinding attack  (SearchSecurity.com)
drive-by pharming  (SearchSecurity.com)
JavaScript hijacking  (SearchSecurity.com)
man in the browser  (SearchSecurity.com)
phlashing  (SearchSecurity.com)
polymorphic malware  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts