Top 5 challenges for the cyber coordinator
President Barack Obama's pledge to appoint a cybersecurity policy coordinator at the White House has drawn cheers, jeers and a long to-do list
Many people agree that the country needs a cybersecurity coordinator at the White House. But more than three months after President Barack Obama pledged to select someone to lead a new office focused on coordinating cybersecurity policy, the post remains unfilled.
In the interim, there has been rampant speculation about the position. However, despite their differences, everyone agrees that the new cybersecurity coordinator will face a daunting set of challenges.
"No matter who is appointed cyber coordinator, they will have an enormous task in front of them," said Sen. Thomas Carper (D-Del.), who introduced cybersecurity legislation earlier this year.
Here are the top five challenges the cybersecurity coordinate must tackle.
1. Commanding respect
In May, Obama said he would treat the country’s digital infrastructure as a strategic national asset. However, since then, some observers have questioned whether the new leader will have enough authority.
The first thing the new official has to do is figure out his or her job description, said Dale Meyerrose, former chief information officer at the Office of the Director of National Intelligence and now vice president and general manager of cyber programs at Harris.
Scott Borg, director and chief economist at the nonprofit U.S. Cyber Consequences Unit, said the biggest challenge for the new cybersecurity coordinator might be to convince people of the job’s importance.
“Over the last few years, we have seen a half-dozen so-called cyber czars resign in frustration,” Borg said. Because of that history, people will need to be shown why they should pay attention to another cybersecurity official.
2. Building relationships in government
The Obama administration’s 60-day review of cybersecurity policy, completed in April, found that the federal government isn’t properly organized for cybersecurity. Responsibilities are scattered across agencies, many of which have overlapping functions.
Rep. Michael McCaul (R-Texas), who is co-chairman of the House Cybersecurity Caucus and the influential Center for Strategic and International Studies's cybersecurity commission, said the first thing he would like to see the new official do is sit down with the leaders of the Homeland Security Department, National Security Agency and Defense Department to improve cybersecurity coordination.
James Lewis, who directs the CSIS commission and the organization’s Technology and Public Policy Program, said the coordinator must establish partnerships with other key White House offices, such as the Office of Management and Budget. He also said the official will need to convince Congress that the position isn’t simply ornamental.
Karen Evans, former administrator of e-government and information technology at OMB and now a partner at KE+T Partners, said the new official should make it a priority to develop relationships with the chief performance officer, chief technology officer and federal CIO. Strong relationships with agency CIOs will also be important, she said.
3. Creating a true public/private partnership
With the private sector owning and operating much of the country’s digital backbone and critical infrastructure, many observers believe bolstering the government’s relationship with the private sector is essential to improving cybersecurity.
For his part, Obama said his administration would “collaborate with industry to find technology solutions that ensure our security and promote prosperity.”
Amit Yoran, chief executive officer of network security company NetWitness and former director of DHS’ National Cybersecurity Division, said the coordinator should work to improve relationships with industry.
McCaul said that in the past, the private sector has been reluctant to share information with the federal government, and that culture needs to change.
4. Sorting out legal authorities while protecting civil liberties
Obama said his new cybersecurity office would include someone whose job was to safeguard the privacy and civil liberties of Americans.
“Our pursuit of cybersecurity will not — I repeat, will not — include monitoring private-sector networks or Internet traffic,” Obama said. “We will preserve and protect the personal privacy and civil liberties that we cherish as Americans.”
However, defining the roles that DHS, a civilian agency, and intelligence agencies will play remains contentious. Whatever the outcome, the cybersecurity office will need to address concerns about privacy and civil liberties.
5. Finding the correct focus, fast
Melissa Hathaway, who led the administration’s 60-day cybersecurity review, said the race to secure cyberspace was a marathon, not a sprint. Hathaway has since moved on, but the ambitious goals her review identified remain.
Meyerrose said the review resulted in more than 40 implied tasks that the cybersecurity coordinator must prioritize because he or she won’t be able to tackle them all at once or necessarily afford to address them all.
Lewis said the coordinator will need to initiate the process of drafting a new national strategy and show some quick successes to demonstrate his or her value.
Ben Bain is a reporter for Federal Computer Week.