Cyber chief slams security efforts

White House cybersecurity coordinator Howard Schmidt takes aim at automated detection, education and coordination

Although agencies are improving cybersecurity at the national level, the federal approach to securing U.S. interests online still leaves much to be desired, a high-ranking Obama administration official said.

Howard Schmidt, the White House's cybersecurity coordinator, called for enterprisewide network intrusion detection and math and science training in U.S. schools. He also cited a lack of coordination in the government's cyber research and development.

“As far as enterprisewide intrusion detection goes, it falls under the category of, ‘Why haven’t we done that already?' " Schmidt said at the Interagency Resources Management Conference in Cambridge, Md., April 13. “It’s a big point of discussion.”

The commercial sector is deploying intrusion detection technology on private networks, but the federal government is lagging, dogged by bureaucracy and disputes over privacy and how best to implement such a strategy, he said.

Furthermore, the U.S. education system is failing to prepare future cyber warriors, Schmidt said. “We need to work on math and science training in our schools," he said. "That relates directly to the future of cybersecurity.”

A working group is being established to examine the issue and make recommendations to the White House on how to develop a cyber career path at American schools. Efforts are also under way to promote cyber careers at the college level by offering scholarships and government service programs, Schmidt said. Currently, there are about 100 colleges involved in the effort -- a number Schmidt hopes will soon increase as his office finds ways to expand the program.

Although many, if not most, federal agencies are creating offices to deal with cybersecurity, those efforts are not in sync, Schmidt said. “There’s little coordination in cyber research and development," he added." Who’s doing what? Why are they doing that? How long have they been doing that? What is missing?”

The Homeland Security Department is leading the effort to link cyber efforts across the government through its centers of excellence, Schmidt said.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.


  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Fri, Apr 16, 2010

I wonder if the IA compaanies are behind the push in school. They see $$$$$ galore!

Fri, Apr 16, 2010 Anony Mous

Get kids in high schools to set up their own school-specific social network servers, using Drupal or other open source community software, as an extra-curricular activity. Let them define the content and how it works. Let them deal with both the nitty-gritty details of running a system that could be vulnerable to attack, and the content-level disputes over free speech vs. defamy and fraud. High school newspaper 2.0, but so much more. Kids with wildly different interests and skills could work together on it. Make one per class year. Or something.

Thu, Apr 15, 2010 CuriousIT

Is intrusion detection/prevention even possible on such a diverse network as used by the federal government? Multiple operating systems, multiple versions of each operating system, multiple versions of browsers, differing requirements for managing ports due to the use of legacy software that was written when security wasn't even an afterthought. How do you wade through all the false positives? Mr Schmidt is correct that something has to be done but unless there is funding and teeth behind his statements, progress will be slow.

Thu, Apr 15, 2010 Papa_K SoTx

My two cents; I think this best sums up why: "the federal government is lagging, dogged by bureaucracy and disputes over privacy and how best to implement such a strategy". Most non-security types within the government don't have a clue. They think they know because they can spell security but they have no idea what they're doing. So no standard is going to help if they have no clue. We have too many managers who know how to make excuses and the system allows them to continue to be in that position. We award the dumb. I've worked for many like that. You have to give the IT Security individual the authority to establish IT security not the mid level managers. This is where the Government's problem is. And if you educate the new generation you think they are going to want to work for the restrictive Fed Gov and for the small salaries and bureaucracy? Why?

Thu, Apr 15, 2010 Bman

It would be nice to see a unified approach instead of each agency doing what it thinks is acceptable. My agency has reinvented its network security approach 3 separate times in nine years, and is in the process of doing it again now. Intrusion detection is already part of the existing doctrine but seems to be lacking in its effectiveness. Its about time a Cyber chief admits the short comings of the Fed in this area and makes an effort to fix them publicly ensuring that things have been documented.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group