Tuesday, December 22, 2009

Obama to Name Chief of Cybersecurity

Obama to Name Chief of Cybersecurity
By JOHN MARKOFF
Copyright by The New York Times
Published: December 21, 2009
http://www.nytimes.com/2009/12/22/technology/internet/22cyber.html?th&emc=th


Nearly seven months after highlighting the vulnerability of banking, energy and communications systems to Internet attacks, the White House on Tuesday is expected to name a technology industry veteran to coordinate competing efforts to improve the nation’s cybersecurity in both military and civilian life.

The decision to appoint Howard A. Schmidt, an industry executive with government experience who served as a cybersecurity adviser in the Bush administration and who also has a military and law enforcement background, is seen as a compromise between factions. Government officials and industry executives say there has been a behind-the-scenes dispute over whether strict new regulations are necessary to protect the network that increasingly weaves together the vast majority of the world’s computers.

Mr. Schmidt will report to the National Security Council — not both to the council and to the National Economic Council, as previously planned, an administration official said on Monday. Mr. Schmidt will also “have regular access to the president,” said the official, who spoke on the condition of anonymity because he had not been authorized to talk publicly about the appointment.

Cybersecurity has taken on new urgency this year in the face of a growing range of cyberattacks and reports of vulnerabilities in business and military computing systems. Indeed, at the May 29 announcement of his administration’s decision to create the position of cybersecurity coordinator, Mr. Obama described how during his presidential campaign computer intruders had “gained access to e-mails and a range of campaign files, from policy position papers to travel plans.”

“It was,” he said, “a powerful reminder: in this information age, one of your greatest strengths — in our case, our ability to communicate to a wide range of supporters through the Internet — could also be one of your greatest vulnerabilities.”

After reviewing the nation’s cybersecurity preparedness, the White House said it would create the position of cybersecurity coordinator to harmonize the nation’s various efforts to “deter, prevent, detect and defend” against cyberattacks.

The administration’s decision to appoint Mr. Schmidt was slowed by a tug of war among political, military, intelligence and business interests, said people with direct knowledge of the selection process. Industry officials, for example, have expressed concern that new regulations would dampen innovation.

In recent months the administration has been criticized by lawmakers and others for not moving more quickly to fill the position. Experts on the issue had questioned how effective a cybercoordinator could be if forced to report to two governmental councils without direct access to the president.

“I’ve come away with a strong sense that Vivek Kundra, chief information officer, and Aneesh Chopra, the chief technology officer, and participants at the N.S.C. are aligned on this effort,” said Vinton Cerf, a co-author of the original Internet standards who has been consulted by the administration in choosing a “cyberczar.”

The White House official also said that criticisms that the administration had been frozen on cybersecurity policies while waiting for the appointment of a cybersecurity chief were inaccurate, citing a range of initiatives now under way at various agencies to improve cybersecurity. In November the White House met with a Russian delegation of cybersecurity officials in an effort to build cooperation on international law enforcement issues.

One significant difference in the Obama administration’s approach to cybersecurity and that of the previous administration has been the degree of secrecy about strategy and policy issues. In the Bush administration, cybersecurity decisions were made in a highly classified fashion. What remains unclear, however, is how the new administration will balance cybersecurity decisions between military and civilian organizations.

In May the administration’s cybersecurity review was not specific about transforming the administration’s goals into practical realities. At the time Mr. Obama did not explain how he planned to go about resolving the running turf wars among the Pentagon, the National Security Agency, the Department of Homeland Security and other agencies over the conduct of defensive and offensive cyberoperations.

Mr. Schmidt is the chief executive officer of the Information Security Forum, a nonprofit computer security trade association based in London. He has served as chief information security officer at eBay and chief security officer at Microsoft. In the Bush administration, he was the vice chairman of the president’s Critical Infrastructure Protection Board and a special adviser for cyberspace security.

He also served in the Air Force and the Army in computer security roles and led a computer forensics team for the Federal Bureau of Investigation at the National Drug Intelligence Center.

No comments: