Cyber chief slams security efforts

White House cybersecurity coordinator Howard Schmidt takes aim at automated detection, education and coordination

Although agencies are improving cybersecurity at the national level, the federal approach to securing U.S. interests online still leaves much to be desired, a high-ranking Obama administration official said.

Howard Schmidt, the White House's cybersecurity coordinator, called for enterprisewide network intrusion detection and math and science training in U.S. schools. He also cited a lack of coordination in the government's cyber research and development.

“As far as enterprisewide intrusion detection goes, it falls under the category of, ‘Why haven’t we done that already?' " Schmidt said at the Interagency Resources Management Conference in Cambridge, Md., April 13. “It’s a big point of discussion.”

The commercial sector is deploying intrusion detection technology on private networks, but the federal government is lagging, dogged by bureaucracy and disputes over privacy and how best to implement such a strategy, he said.

Furthermore, the U.S. education system is failing to prepare future cyber warriors, Schmidt said. “We need to work on math and science training in our schools," he said. "That relates directly to the future of cybersecurity.”

A working group is being established to examine the issue and make recommendations to the White House on how to develop a cyber career path at American schools. Efforts are also under way to promote cyber careers at the college level by offering scholarships and government service programs, Schmidt said. Currently, there are about 100 colleges involved in the effort -- a number Schmidt hopes will soon increase as his office finds ways to expand the program.

Although many, if not most, federal agencies are creating offices to deal with cybersecurity, those efforts are not in sync, Schmidt said. “There’s little coordination in cyber research and development," he added." Who’s doing what? Why are they doing that? How long have they been doing that? What is missing?”

The Homeland Security Department is leading the effort to link cyber efforts across the government through its centers of excellence, Schmidt said.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The 2014 Federal 100

FCW is very pleased to profile the women and men who make up this year's Fed 100. 

Reader comments

Fri, Apr 16, 2010

I wonder if the IA compaanies are behind the push in school. They see $$$$$ galore!

Fri, Apr 16, 2010 Anony Mous

Get kids in high schools to set up their own school-specific social network servers, using Drupal or other open source community software, as an extra-curricular activity. Let them define the content and how it works. Let them deal with both the nitty-gritty details of running a system that could be vulnerable to attack, and the content-level disputes over free speech vs. defamy and fraud. High school newspaper 2.0, but so much more. Kids with wildly different interests and skills could work together on it. Make one per class year. Or something.

Thu, Apr 15, 2010 CuriousIT

Is intrusion detection/prevention even possible on such a diverse network as used by the federal government? Multiple operating systems, multiple versions of each operating system, multiple versions of browsers, differing requirements for managing ports due to the use of legacy software that was written when security wasn't even an afterthought. How do you wade through all the false positives? Mr Schmidt is correct that something has to be done but unless there is funding and teeth behind his statements, progress will be slow.

Thu, Apr 15, 2010 Papa_K SoTx

My two cents; I think this best sums up why: "the federal government is lagging, dogged by bureaucracy and disputes over privacy and how best to implement such a strategy". Most non-security types within the government don't have a clue. They think they know because they can spell security but they have no idea what they're doing. So no standard is going to help if they have no clue. We have too many managers who know how to make excuses and the system allows them to continue to be in that position. We award the dumb. I've worked for many like that. You have to give the IT Security individual the authority to establish IT security not the mid level managers. This is where the Government's problem is. And if you educate the new generation you think they are going to want to work for the restrictive Fed Gov and for the small salaries and bureaucracy? Why?

Thu, Apr 15, 2010 Bman

It would be nice to see a unified approach instead of each agency doing what it thinks is acceptable. My agency has reinvented its network security approach 3 separate times in nine years, and is in the process of doing it again now. Intrusion detection is already part of the existing doctrine but seems to be lacking in its effectiveness. Its about time a Cyber chief admits the short comings of the Fed in this area and makes an effort to fix them publicly ensuring that things have been documented.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above