Editorial: Abhorring a vacuum
We were shocked and disappointed last month when Amit Yoran abruptly resigned after only one year as the nation's cybersecurity czar. The suddenness of his resignation — by most accounts, he gave 24-hours' notice — reflects his level of frustration as director of the Homeland Security Department's National Cyber Security Division.
The cybersecurity post is already difficult, because it requires helping agency officials secure their systems in addition to protecting the nation's critical infrastructure by carrying out the Bush administration's National Strategy to Secure Cyberspace.
But neither issue has received the attention that it needs and deserves. And the departure of Yoran — effectively the third person to hold that job in recent years — will produce a leadership vacuum. After all, it was difficult to hire Yoran. Finding a successor will likely be even harder, given the experience of Yoran and his predecessors.
Many in industry believe Yoran was taking important steps. Yet they also say he was hindered by bureaucracy and that he grew frustrated by the slow pace of progress.
There are questions about whether the cybersecurity chief should be part of DHS or the Office of Management and Budget. It is unclear how those questions should be answered. The post needs more authority, and these issues must be resolved quickly. Qualified candidates will not want to take on an undefined job with a bad track record.
Additionally, such issues are a distraction from more important cybersecurity concerns. By most accounts, the United States has serious cybersecurity vulnerabilities. We have been lucky, so far. But if we do not act now, we could soon be assessing another report from another commission that will be asking a familiar question about why we did not secure the nation's critical infrastructure before being struck by an electronic equivalent to the Sept. 11, 2001, terrorist attacks.
If we are truly going to secure the country, cybersecurity must be a significant part of those efforts. An effective and empowered cybersecurity czar should be a priority.