Bush plan rejects cybersecurity czar

PDD-63 White Paper

The Bush administration is wrapping up details on a new governmentwide structure to lead national cybersecurity efforts, again rejecting the idea of having a security czar.

White House officials have been working for months on ways to reorganize the government's initiatives for protecting the information systems that support the nation's critical infrastructure. The critical infrastructure protection (CIP) effort started under President Clinton in 1998, when he signed Presidential Decision Directive 63.

Many have suggested establishing a cybersecurity czar with a role similar to John Koskinen's position leading the federal government's Year 2000 efforts. But Clinton, concerned that agencies would pass responsibility to a czar, in PDD 63 created a national coordinator at the National Security Council to oversee agency CIP efforts.

The new Bush plan, expected later this month, will continue in that vein by creating a board — with members from the various critical infrastructure protection sectors — to coordinate policy and provide support for individual agency initiatives.

"We can't have a single government agency or single government entity handling this problem," said Paul Kurtz, director of transnational threats at the National Security Council and the NSC's leader for cyberprotection issues. "The idea is a dispersed solution that allows coordination across agencies."

The board's chairman will report directly to the national security adviser, currently Condoleezza Rice. The board will have several function-specific subcommittees to cover in-depth the issues under CIP. This will include national security, research and development, training, and physical security as it ties in with cybersecurity, Kurtz said.

"We're going to be at the top trying to set the trend lines, trying to set the pace," he said.

But the board will not dictate specific rules for agencies to follow, because that would likely lead to the same pass-the-buck mentality as a czar.

"We can't fight for each particular agency's needs," Kurtz said "We can help, but we need to have each agency take responsibility for their security."

The board will oversee some specific initiatives, including the Cyber Warning and Information Network under development to tie in cyber incident alert information from across government and even the private sector. This effort will link to the initiative at the General Services Administration's Federal Computer Incident Response Center to create a central warnings and analysis center for civilian security incidents.

This network's structure is in development, with plans to put it in place this fall. For now, the idea is to create a "ringdown" network, so that if any agency's incident response team sends out an alert on the network, it is automatically sent to all other members of the network, Kurtz said.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.