A former U.S. congressman, reportedly one of the leading candidates for the White House position of cybersecurity czar, this week questioned whether the new post would have any clout, suggesting the legislative and bureaucratic issues that lie ahead are so complex that it's unclear what the position would entail.
To get security news and tips delivered to your inbox,
"If you think it's difficult to get through the bureaucracy, wait till you get to Congress," said Tom Davis, a former Republican congressman from Virginia. "If there's a crisis things can move quickly, that's one thing we've seen in this town … but the difficulty right now is that there are so many things going on in Washington."
Speaking on a panel discussion at the National Press Club Tuesday, Davis said the position needs a person with name recognition; someone with the ability to work with Congress to get legislation passed on cybersecurity issues. But the task is very difficult, with almost every congressional committee claiming to have authority over a particular aspect of cybersecurity, he said.
"I think we need to understand that this is a very complicated, difficult task and if nothing else you get to deflect blame if you're on top and have a czar and something happens," Davis said, calling the new position a good first step. "It's fair to say that both parties failed to put together the appropriate leadership in the past."
In May, President Obama announced the creation of a cybersecurity coordinator, or cybersecurity czar, who would be responsible for integrating all cybersecurity policies for the government, working closely with the Office of Management and Budgets to ensure budgets reflect cybersecurity priorities as well act as the coordinator in the event of a cyber attack.
More on national cybersecurity:
VIDEO: Face-Off: Who should be in charge of cybersecurity? Schneier and Marcus Ranum debate who should be in charge of national cybersecurity.
Cybersecurity's profile rising under Obama: The Obama Administration is conducting a review of the government's cybersecurity policies and process. We should be encouraged that security could move beyond the useless paper exercise it is today.
Time magazine reported last week that Davis, the former head of the Government Reform Committee, was Obama's top candidate for the new position. Davis, who co-authored the Federal Information Security Management Act (FISMA), predicted a "cyber Pearl Harbor," in which attackers penetrate sensitive systems within the federal government.
At the National Press Club panel on Tuesday, Davis said FISMA should be strengthened and government agencies given funding to better meet the rules. The panel discussed what the Obama administration's cyber czar would confront in his first 100 days. In addition to Davis, it included retired Air Force Major General Dale Meyerrose, former CIO for the U.S. intelligence community and current vice president for cyberspace at Harris Corp. and James Bamford, an investigative reporter and author who has reported extensively on National Security Agency issues.
Meyerrose said whoever is appointed to the position would need to scale back and choose one or two priorities to address immediately. The person would also need to be surrounded by a strong team and must have enough stature to be taken seriously by Congress. But it's unclear how much work could get done since the position would report to two committees, the National Security Agency and National Economic Council.
"I think the most encouraging thing about the president's statements is that the status quo is no longer acceptable," Meyerrose said. "Just establishing leadership in the White House is a necessary first step but it's not the end game."
Bamford, who wrote five books on intelligence gathering and the National Security Agency, said the real work around cybersecurity is already being done by the NSA. Currently the agency is restructuring to address cybersecurity. In April, Defense Secretary Robert Gates nominated Keith Alexander, a three-star general, to head the new Cyber Command within the agency.
"Just looking at the [cyber czar] position on a piece of paper you can see it's very low down on the totem poll," Bamford said. "The idea of creating the position is a great idea. I just think there was a bit of a disappointment that the position didn't have the stature that it might have had."
The new cybersecurity coordinator position is the outcome of a 60-day Cyberspace Policy Review, which was conducted by Melissa Hathaway, acting senior director for cyberspace for the National Security Council and Homeland Security Council. The new cyber czar is expected to act on areas highlighted in the review, including developing a strategy to secure communication and information networks across federal agencies, strengthen public-private partnerships and help the administration identify areas to invest in research and development.
But Bamford said the position doesn't appear to hold enough stature to make a major difference in Washington. A person is needed who could bridge the divide between those calling for more cybersecurity and those careful that it doesn't result in treading on civil liberties, he said.
"It needs somebody who could break through the bureaucracy," he said. "If you're powerful you're not gong to take a junior staffer position."