Security industry praises Schmidt but sees challenges ahead

President Obama's choice for cybersecurity coordinator is being widely praised, but experts say he has major hurdles to overcome.

SearchSecurity.com

In a video introducing himself to the public and explaining the role he will play coordinating cybersecurity matters from the White House, security luminary Howard Schmidt listed a broad list of people he plans to work closely with in his new post.

"I look forward to working with our leadership from Congress, industry, federal departments and agencies, state, local and tribal governments as well as our international partners to ensure that our economic and national security interests are enhanced with our combined cybersecurity efforts," Schmidt said.


Security experts say Schmidt has a big role to fill in building relationships with a broad range of diverse interests. But his background in government, as former cybersecurity advisor to the White House under the Bush administration, and his leadership in the private sector, where he served in information security positions at Microsoft and eBay, give him the experience and skills necessary to bridge any divisions that exist and get federal agencies on track to make necessary security improvements.

"He has an understanding of the complexity of the White House and Washington and he has quite a bit of private sector experience," said Marcus Sachs, director of the SANS Internet Storm Center. "That mixture should serve him well."

Before any progress can be measured, Schmidt needs to release a document outlining the goals he intends to achieve over the course of the Obama administration. The politics of Washington, D.C., will be Schmidt's biggest challenge, but Schmidt has served in the White House and knows how to deal with it, Sachs said. An action plan will likely be dominated by domestic issues, including coordinating cybersecurity efforts within various government agencies and laying out a well-defined plan for incident response.

"Howard needs to make sure that people understand that this is the first inning of a long game," said Roger Thornton, cyber security expert and chief technology officer of Fortify Software Inc. "He needs to outline what the first steps are, articulate them clearly and go get them done."

Schmidt's mixture of public and private sector leadership is perhaps the greatest asset he brings to the White House, Thornton said. 

Cybersecurity coordinator:

May - Obama announces creation of cybersecurity coordinator position: The president promised to treat critical infrastructure as a strategic national asset, and that the cybersecurity coordinator would be responsible for orchestrating cybersecurity policies.

Dec. - Howard Schmidt named cybersecurity coordinator: Former Bush administration cybersecurity advisor Howard Schmidt is expected to be named cybersecurity coordinator.

"If it was an industry person with little Washington experience they would get crushed with inside the beltway politics and if it was a Washington insider, they might have a hard time coordinating with the private sector," Thornton said. "Howard cuts across both of those worlds and not in a trivial way."

Schmidt has the ability to find similarities in people who may have divergent interests, said Phillip Dunkelberger, president and CEO of encryption vendor PGP Corp. The goal of both the public and private sector is to secure sensitive data, so it's a matter of coordinating information sharing where Schmidt will highlight his talent, Dunkelberger said.

"We need to see the plan for the security of physical and data assets and understand the priorities of what needs to be protected," he said. "Securing information and stimulating innovation all require an understanding of how to work with the private sector on securing personal identifiable information as well as public sector defense and civilian agencies on critical information; Howard can bridge these cross functional teams."

Greg Garcia, who was the Bush administration's first presidentially appointed head of cyber-security at the Department of Homeland Security before leaving the post last December, said Schmidt needs to keep his head above water by delegating authority and letting DHS, NSA and other agencies involved execute on his strategy.

"Howard cannot get bogged down in operational matters or direct implementation," Garcia said. "The temptation to take control of execution is great and that has been the propensity of all White Houses no matter what party we're talking about."

Schmidt's first priority, according to Garcia, is to get federal agency (.gov) domains secured; then he can reach out to the private sector. Securing government agencies means ensuring that the Comprehensive National Cybersecurity Initiative (CNCI), a $40 billion classified plan, is fully carried out. The plan includes reducing the number of government connections to outside networks under the Trusted Internet Connections program and deploying the latest iteration of the Einstein system, giving agencies intrusion protection capabilities.

Garcia, who was just one in a long line of DHS cybersecurity czars who tried to make agency security changes without having any real authority, said Schmidt has a better chance to succeed where others have fallen short. As a Bush appointee, Schmidt served as vice chair of the President's Critical Infrastructure Board and special cybersecurity advisor. It was Schmidt who helped develop the National Strategy to Secure Cyberspace in 2002 before leaving to go back to the private sector as eBay's security chief.

"The Bush administration did not have a senior level executive like Howard doing the coordinating," Garcia said. "We had junior level staffers doing the coordinating and other activities and that did not lend an air of stature and seniority as the cybersecurity coordinator position is intended to have."
