Cyber chief slams security efforts

White House cybersecurity coordinator Howard Schmidt takes aim at automated detection, education and coordination

Although agencies are improving cybersecurity at the national level, the federal approach to securing U.S. interests online still leaves much to be desired, a high-ranking Obama administration official said.

Howard Schmidt, the White House's cybersecurity coordinator, called for enterprisewide network intrusion detection and math and science training in U.S. schools. He also cited a lack of coordination in the government's cyber research and development.

“As far as enterprisewide intrusion detection goes, it falls under the category of, ‘Why haven’t we done that already?' " Schmidt said at the Interagency Resources Management Conference in Cambridge, Md., April 13. “It’s a big point of discussion.”

The commercial sector is deploying intrusion detection technology on private networks, but the federal government is lagging, dogged by bureaucracy and disputes over privacy and how best to implement such a strategy, he said.

Furthermore, the U.S. education system is failing to prepare future cyber warriors, Schmidt said. “We need to work on math and science training in our schools," he said. "That relates directly to the future of cybersecurity.”

A working group is being established to examine the issue and make recommendations to the White House on how to develop a cyber career path at American schools. Efforts are also under way to promote cyber careers at the college level by offering scholarships and government service programs, Schmidt said. Currently, there are about 100 colleges involved in the effort -- a number Schmidt hopes will soon increase as his office finds ways to expand the program.

Although many, if not most, federal agencies are creating offices to deal with cybersecurity, those efforts are not in sync, Schmidt said. “There’s little coordination in cyber research and development," he added." Who’s doing what? Why are they doing that? How long have they been doing that? What is missing?”

The Homeland Security Department is leading the effort to link cyber efforts across the government through its centers of excellence, Schmidt said.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Fri, Apr 16, 2010

I wonder if the IA compaanies are behind the push in school. They see $$$$$ galore!

Fri, Apr 16, 2010 Anony Mous

Get kids in high schools to set up their own school-specific social network servers, using Drupal or other open source community software, as an extra-curricular activity. Let them define the content and how it works. Let them deal with both the nitty-gritty details of running a system that could be vulnerable to attack, and the content-level disputes over free speech vs. defamy and fraud. High school newspaper 2.0, but so much more. Kids with wildly different interests and skills could work together on it. Make one per class year. Or something.

Thu, Apr 15, 2010 CuriousIT

Is intrusion detection/prevention even possible on such a diverse network as used by the federal government? Multiple operating systems, multiple versions of each operating system, multiple versions of browsers, differing requirements for managing ports due to the use of legacy software that was written when security wasn't even an afterthought. How do you wade through all the false positives? Mr Schmidt is correct that something has to be done but unless there is funding and teeth behind his statements, progress will be slow.

Thu, Apr 15, 2010 Papa_K SoTx

My two cents; I think this best sums up why: "the federal government is lagging, dogged by bureaucracy and disputes over privacy and how best to implement such a strategy". Most non-security types within the government don't have a clue. They think they know because they can spell security but they have no idea what they're doing. So no standard is going to help if they have no clue. We have too many managers who know how to make excuses and the system allows them to continue to be in that position. We award the dumb. I've worked for many like that. You have to give the IT Security individual the authority to establish IT security not the mid level managers. This is where the Government's problem is. And if you educate the new generation you think they are going to want to work for the restrictive Fed Gov and for the small salaries and bureaucracy? Why?

Thu, Apr 15, 2010 Bman

It would be nice to see a unified approach instead of each agency doing what it thinks is acceptable. My agency has reinvented its network security approach 3 separate times in nine years, and is in the process of doing it again now. Intrusion detection is already part of the existing doctrine but seems to be lacking in its effectiveness. Its about time a Cyber chief admits the short comings of the Fed in this area and makes an effort to fix them publicly ensuring that things have been documented.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group