The White House Cyber Security Initiative: One Month Gone, No Cyber Czar, No Progress
July 6, 2009 Leave a comment
On May 29, President Obama stepped to the microphone and assured all of us that cyber security would be a top priority for his administration. He cited the need to protect the country against the direct attacks on our infrastructure by other countries. He spoke of a “cyber czar” that would help centralize the cyber security activities of the federal government and build bridges to the private sector. And the White House delivered the Cyberspace Policy Review.
The White House has followed up this grand show with…absolutely nothing. Zip. Zilch.
While many in the IT Security industry applauded the event and used all of the hyperbolic adjectives to praise the announcement, I could not help but be concerned. And so far the follow-up and execution has done nothing to take away my fears. One of my specific concerns was why the announcement was made without the cyber czar in place. It is now July and the Obama administration has not yet identified the person to lead this effort. Most concerning is that names for frontrunners have been scarce in a town where speculating on who-will-get-what-post is a full-time hobby. I simply cannot believe that no one is qualified, so my logical conclusion is that those being considered are being scared away by a role that either lacks real power or is too poorly defined (or both). If I am correct, then landing an effective leader will be problematic and the initiative will have little hope of success, as the role absolutely requires someone who can facilitate effective first steps and overcome the obstacles of the politics at hand.
I normally like to be right, but in this case I would have welcomed the opportunity to have been proven wrong. But unless we can roll up the Cyberspace Policy Review and use it to beat away malicious attacks, the cyber initiative is off to a less than promising start. We are stuck at the starting line without a leader, and from all appearances without even the most modest of next steps on the horizon.
I think it is time for the IT Security community to cease the platitudes to the Obama Administration and instead call for immediate progress. We are already behind, and we will never catch up if we cannot make even the first constructive steps forward.