Expert: White House needs cybersecurity coordinator
- By Doug Beizer
- May 06, 2009
The challenge of securing government networks from cyber attacks is so large that one person at the White House shouldn't be expected to act as the operational leader of cybersecurity efforts and should instead be a coordinator, an expert said today.
James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, said the cybersecurity chief should ensure that all federal agencies are moving in the same direction. Lewis made his remarks at the Digital Government Institute’s Cyber Security Conference and Expo in Washington.
“The problem is, if you have a czar that is going to try and run everything from the White House, it won't work; he or she will be overloaded,” he said. Instead, the cybersecurity coordinator should set policies and ensure that agencies carry out those policies.
Although officials are considering establishing such a role, some White House offices don't want to give up their share of control over cybersecurity, Lewis said. When President Barack Obama took office, 14 White House offices thought they were in charge of cybersecurity, he added.
For example, the Office of Science and Technology Policy has the legal authority to secure telecommunications networks. “It is very old authority, and they don’t want to give it up,” he said.
As new functions were identified, jobs were given to other offices. “Now we are going to have to clean up the mess that grew over time,” he added.
While the cleanup takes place, agencies can do a lot on their own to secure their networks and data, he said, adding that basic security measures can eliminate about 80 percent of existing vulnerabilities.
Using secure network configurations, installing software patches and consolidating connections to the Internet can vastly improve agencies’ security profile, Lewis said.
“Agencies need to grab that low-hanging fruit where they have the power to do so, or identify where they don’t have the power and then start saying, 'I need it,'” he said. “If you focus on that, you can make the target much harder for the people who are coming at you.”
Doug Beizer is a staff writer for Federal Computer Week.