Howard A. Schmidt, former cybersecurity adviser to the White House under the Bush administration, was named the nation's cybersecurity coordinator by President Obama Tuesday.
In a White House announcement, John Brennan, assistant to the president for homeland security and counterterrorism, said Schmidt will have the responsibility of orchestrating many cybersecurity activities across the government.
"Howard will have regular access to the president and serve as a key member of his national security staff," Brennan said in an announcement email sent to the White House email list. "He will also work closely with his economic team to ensure that our cybersecurity efforts keep the nation secure and prosperous."
The announcement is an early Christmas present for the security industry. Obama announced on May 29 that he intended to personally select a cybersecurity coordinator who would coordinate cybersecurity policies across government agencies. At that time he declared the coordinator would have full and regular access to the president and would help shape the White House national security strategy. Obama also proclaimed that critical networks and infrastructure would be a strategic national asset that must be defended. His announcement also coincided with a Pentagon plan to step up offensive capabilities in cyberspace.
In an accompanying video message, Schmidt said his goals will be to develop a comprehensive strategy to secure networks and ensure an organized, uniform response to future cyber incidents. He said he would work to strengthen public-private partnerships in the United States and abroad, promote research and development of security technologies and lead a cybersecurity awareness and education campaign.
"I look forward to working with our leadership from Congress, industry, federal departments and agencies, state local and tribal governments as well as our international partners to ensure that our economic and national security interests are enhanced with our combined cybersecurity efforts," Schmidt said.
But the seven-month lag has dampened the initial enthusiasm over the announcement. Reports have stated that many candidates have passed on the job because the coordinator would have to report to both the National Security Council and the National Economic Council, and wouldn't have enough authority to make a difference. The most notable was Melissa Hathaway, who headed up the Obama-mandated 60-day review of cybersecurity policies. Hathaway resigned as the top White House adviser in August and opted for a role in the private sector.
Security expert Bruce Schneier has been a vocal critic of the new White House post, warning that its political nature and the lack of any clear budgetary authority makes any real progress difficult for anyone in the role to obtain. In an email message, Schneier said it's too early to tell if Schmidt has what it takes to make the necessary changes.
"It's a very political job, and I know nothing about Schmidt's political savvy," Schneier said. "I also don't know about the political power of the job."
Schmidt is an industry veteran, an influential and outspoken figure who has held top information security positions at Microsoft and eBay during his career. Most recently, Schmidt has been the head of the Information Security Forum, a nonprofit group of public and private sector organizations focused on cybersecurity.
"Having had the privilege to work with Howard for many years, I know he has just the right background and qualifications to design and execute the public-private coordination as well as the international experience that is needed to succeed in the role," said Phillip Dunkelberger, president and CEO of encryption vendor PGP Corp. where Schmidt serves on the company's Board of Directors.
Dunkelberger said the success of the position hinges on how clearly stated Schmidt's priorities and expectations are and how closely the White House sticks to a timeframe for results.
"It's going to be a multi-year effort … some of the priorities may not be for public consumption," Dunkelberger said. "From an international standpoint, [Schmidt] needs to make sure the world understands that the U.S. can't be on the hook alone to fix the problem."
Network Security Expert Dan Kaminsky, director of penetration testing, IOActive Inc., said the public and private sector has proven that it can work together effectively. Kaminsky organized an industry wide coordinated patch release repairing a widespread DNS cache poisoning flaw in 2008. The coordinated release involved getting together public and private industry experts representing a broad range of interests.
"The DNS repair effort really opened my eyes to how much coordination and cooperation we now enjoy," Kaminsky said in an email message. "Specifically, cybersecurity is difficult because it just does not care about jurisdictional boundaries … In a world where scopes are supposed to have nice, clean borders, that's a rough problem to have."
Schmidt has a lengthy security resume, starting with a 16-year career in the Air Force before joining several law enforcement agencies, including the FBI. He landed at Microsoft in 1997 working his way up to chief security officer. After September 11, President George W. Bush appointed Schmidt vice chair of the President's Critical Infrastructure Board and special cybersecurity adviser. In 2002, he helped develop the National Strategy to Secure Cyberspace, the first document of its kind in the government. He left that seat in 2003 to join eBay.
News Editor Robert Westervelt contributed to this report.