[ISN] U.S. government to get cybersecurity chief

From: InfoSec News (isnat_private)
Date: Tue May 27 2003 - 00:04:06 PDT

  • Next message: InfoSec News: "[ISN] Apache group issues update, warns of security hole"

    http://www.salon.com/tech/wire/2003/05/25/cybersecurity/index.html
    
    By Ted Bridis
    May 25, 2003
    
    WASHINGTON (AP) -- The Bush administration plans to appoint a new
    cybersecurity chief for the government inside the Homeland Security
    Department, replacing a position once held by a special adviser to the
    president. Industry leaders worry the new post won't be powerful
    enough.
    
    The move reflects an effort to appease frustrated technology
    executives over what they consider a lack of White House attention to
    hackers, cyberterror and other Internet threats. Officials have
    outlined their intentions privately in recent weeks to lawmakers,
    technology executives and lobbyists.
    
    The new position, expected to be announced formally within two weeks,
    is drawing early criticism over its placement deep inside the agency's
    organizational chart. The nation's new cyberchief will be at least
    three steps beneath Homeland Security Secretary Tom Ridge.
    
    In Washington, where a bureaucrat's authority and budget depend
    largely on proximity to power, some experts fear that could be a
    serious handicap.
    
    "It won't work. It's not a senior enough position," said Richard
    Clarke, Bush's top cyberspace adviser until he retired this year after
    nearly three decades with the government. Clarke's deputy, Howard
    Schmidt, resigned last month and accepted a job as chief information
    security officer for eBay Inc.
    
    "While it's not optimal having someone technically that low in the
    pecking order, it's much better than the current situation," said
    Harris Miller, head of the Information Technology Association of
    America, a leading industry trade group. He said success at that level
    of Washington's bureaucracy is "not mission impossible, it's just a
    difficult mission."
    
    The plan is consistent with Ridge's unease over elevating
    cyberconcerns above the security of airports, buildings, bridges and
    pipelines. The agency currently lumps both those issues under its
    Information Analysis and Infrastructure Protection unit, one of four
    directorates in Homeland Security.
    
    "It's pretty difficult for many businesses and many economic assets in
    this country to segregate the cyber side from the physical side
    because how that company operates, how that community operates, is
    interdependent," Ridge told lawmakers at a hearing this week.
    
    The new cyberchief also will be responsible for carrying out the
    dozens of recommendations in the administration's "National Strategy
    to Secure Cyberspace," a set of proposals put together under Clarke
    just before his departure.
    
    That plan, completed in February, is drawing criticism because it
    emphasizes voluntary measures to improve computer security for home
    users, corporations, universities and government agencies.
    
    "I don't think we have a plan," said Rep. Zoe Lofgren of California,
    the senior Democrat on the Homeland Security subcommittee on
    cybersecurity. "If we just take a look at that strategy, we're not
    going to end up with the solutions we need. There's a sense among the
    committee that there needs to be a little more meat."
    
    The government privately acknowledges many of those criticisms. In a
    previously undisclosed internal memorandum to Commerce Secretary Don
    Evans, the head of the agency's Bureau of Industry and Security
    described complaints from technology executives after meeting with
    them in September in California.
    
    The executives felt the government's plan was "not sufficiently strong
    because many of the key recommendations had been `watered down' and
    were not `mandatory,"' Undersecretary Kenneth Juster wrote. His
    organization at the time included the U.S. Critical Infrastructure
    Assurance Office, which has moved to Homeland Security. The Associated
    Press obtained a copy of Juster's memo under the Freedom of
    Information Act.
    
    Officials are still looking for candidates for the new position, which
    will be announced within the next two weeks. Clarke, now a private
    consultant, cautioned that the administration will have a difficult
    time convincing a prestigious cybersecurity expert to take the job.  
    Some others predicted that won't be a problem.
    
    "Most folks if asked to do this would jump at the opportunity," said
    Sunil Misra, chief security adviser at Unisys Corp.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed May 28 2003 - 16:18:41 PDT