[ISN] U.S. Cybersecurity Chief May Have a Conflict of Interest

From: InfoSec News (isn@private)
Date: Thu Jun 29 2006 - 01:53:18 PDT


http://www.washingtonpost.com/wp-dyn/content/article/2006/06/28/AR2006062801903.html

Associated Press
June 29, 2006

The Bush administration's cybersecurity chief is a contract employee
who earns $577,000 under an agreement with a private university that
does extensive business with the federal office he manages.

Donald "Andy" Purdy Jr. has been acting director of the Homeland
Security Department's National Cyber Security Division for 21 months.  
His two-year contract with Carnegie Mellon University in Pittsburgh
has drawn attention from members of Congress. By comparison, the
Homeland Security secretary, Michael Chertoff, is paid $175,000
annually.

Purdy is on loan from the school to the government, which is paying
nearly all his salary. Meanwhile, Purdy's cybersecurity division has
paid Carnegie Mellon $19 million in contracts this year, almost
one-fifth of the unit's total budget.

Purdy said he has not been involved in discussions of his office's
business deals with the school. "I'm very sensitive to those kinds of
requirements," Purdy said. "It's not like Carnegie Mellon has ever
said to me, 'We want to do this or that. We want more money.' "

Some lawmakers who oversee the department questioned the decision to
hire Purdy as acting cybersecurity director. They noted enduring
criticism by industry experts and congressional investigators over the
department's performance on cybersecurity matters.

Purdy's contract "raises questions about whether the American people
are getting their money's worth," Democratic Reps. Bennie Thompson of
Mississippi and Loretta Sanchez and Zoe Lofgren, both of California,
wrote in a letter to Republicans.

Purdy, a longtime lawyer, has held a number of state and federal legal
and managerial jobs. He has no formal technical background in computer
security.

Purdy controls a budget of about $107 million and as many as 44
full-time federal employees. He said his salary is commensurate with
those of some other government contractors.

Purdy's former boss and predecessor as cybersecurity chief, Amit
Yoran, earned $131,342 before he resigned abruptly in October 2004.  
Chertoff agreed one year ago to create a position of assistant
secretary over cybersecurity. The job is unfilled, a point of
consternation among many security experts.

Carnegie Mellon is highly regarded among experts who study hacker
attacks and software flaws. The university declined to comment on
Purdy's salary, citing employee confidentiality. It said it has
avoided discussing government contracts with Purdy in his role as
chief of the cybersecurity office that awards those contracts.

The department said Purdy consulted with ethics lawyers when he signed
his employment contract. Purdy is so careful about avoiding potential
conflicts that he leaves the room when employees discuss contracts
related to Carnegie Mellon's work, said one DHS official, who spoke on
the condition of anonymity because this official is not authorized to
speak with reporters.

 2006 The Washington Post Company



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com



This archive was generated by hypermail 2.1.3 : Thu Jun 29 2006 - 02:11:43 PDT