Recently, President Obama announced the establishment of a Cyber Czar, although the candidate for the position has not yet been named. The new position, will be a senior white house staffer, regularly reporting to the President. This position is an important one and I’d like to see the President make the right choice. Mr. Obama, I know that you’re a busy guy but here’s some friendly advice while mulling over the candidates.
Forbes asked the question – “should the head of cybersecurity in the new administration come from private industry, government or the military?”. The article debates the merits of each approach and discusses a few potential candidates. The answer, in my opinion couldn’t be more clear. The candidate must come from private industry but must know how to dance in government circles. I was encouraged this past weekend when the administration named Jeff Moss, founder of the Black Hat security conferences to the Homeland Security Advisory Council. It demonstrates a willingness to reach beyond political circles for candidates with real world experience. Jeff is an excellent choice having seen the world through the eyes of both a hacker and a businessman, not to mention being one of the best connected people in the security industry.
Selecting a candidate for Cyber Czar from private industry is critical because the answer doesn’t lie in small tweaks to the status quo but in wholesale change. The current state of security in government networks is abysmal and the government just doesn’t do change well. When the attackers are succeeding in stealing top secret plans for fighter jets, the air traffic control system is wide open to attack and the power grid is littered with backdoors, incremental changes won’t suffice. Moreover, the government can’t secure their infrastructure alone. They don’t make the technology that they run, nor do they independently have the expertise necessary to secure the massive infrastructure that Americans rely on each and every day. The soon to be named Cyber Czar needs to come from private industry but be politically savvy. Having served in the government at some point in his/her career would be a great asset as let’s face it, politics is a game and if you don’t know the rules, you won’t succeed.
This isn’t the first time that the Whitehouse has called upon an outsider to help secure the nation’s IT infrastructure. In September 2003, Amit Yoran, founder of RipTech was handed the title of Director of the National Cyber Security Division of the Department of Homeland Security. Despite the impressive title, the position was not in the Whitehouse, and came with limited power. Many speculate that Yoran left after only a year on the job after growing frustrated that he was unable to implement the changes that he sought. Unfortunately, despite the announcement from the President that that the Cyber Czar will have a Whitehouse position, we still don’t know exactly what powers the office will wield. If we expect change, the Cyber Czar will need the ear of the President and the power to make change happen. If not, the position will wind up being a revolving door for bright minds with great ideas who soon grow frustrated with the red tape pinning them down.
Mr. President, this is an important opportunity. Please be sure and bring on board an outsider who is a visionary with the patience to play the political game. But most importantly, be sure to listen to him.