President Obama announced Friday the creation of a new cybersecurity coordinator who will orchestrate and integrate federal cybersecurity policies and agendas, though we'll have to wait to hear just who that official will be.
As national security and cybersecurity dignitaries looked on during a press conference with reporters to announce the results of a 60-day cybersecurity review he had ordered, Obama said he will personally select this new cybersecurity official, who will have regular access to him.
Cybersecurity has become an increasingly hot topic in government in recent months, with renewed efforts under way to overhaul outdated legislation and create new centralized and agency-led oversight. Attacks on government systems continue. On Thursday, reports emerged that a Turkish hacker had infiltrated military servers.
"America's digital infrastructure [is] the backbone that underpins a prosperous economy and a strong military and an open and efficient government," Obama said in his remarks. "It's the great irony of our Information Age -- the very technologies that empower us to create and to build also empower those who would disrupt and destroy."
The new cybersecurity coordinator will be responsible for directing government-wide cybersecurity policies as well as working with other levels of government and the private sector to keep computer networks safe, Obama said.
The official will be a member of both the national security staff and the national economic staff, and will have a team of employees, including an official dedicated to safeguarding digital privacy and civil liberties.
Lynn McNulty, a longtime government cybersecurity official who now serves on the board of directors for the governing body for the CISSP certification program, said it was about time the White House added a central authority on cybersecurity. "I think there needed to be some adult leadership here," McNulty said.
However, management headaches could become a stumbling block for the new cyberczar. Two members of Congress who recently wrote a bill urging the creation of such a position applauded Obama's move, but cautioned that the new cybersecurity official should report directly to the president. "There is no room for bureaucratic turf battles," Sens. John D. Rockefeller IV, D-W.Va., and Olympia Snowe, R-Maine, said in a statement. As of now, it seems the cybersecurity coordinator will report to the national security adviser as part of the newly formed national security staff as well as to the director of the national economic council.
The new official will also work closely with the Office of Management and Budget to ensure that agency budgets properly reflect the administration's cybersecurity priorities, and will work with federal CTO Aneesh Chopra and federal CIO Vivek Kundra to ensure that cybersecurity work lines up well with other federal technology endeavors. For example, Obama said, the coordinator will help develop clear metrics to measure cybersecurity progress. Kundra and other observers have argued for better measurement of the effectiveness of government agency cybersecurity efforts.
Despite the role as coordinator, if the president follows the recommendations of the 60-day cybersecurity review, which was led by acting White House cybersecurity chief Melissa Hathaway, the new official would not have any "operational responsibility or authority, nor the authority to make policy unilaterally," instead relying on partnership and interagency coordination to help "harmonize cybersecurity-related policy and technology efforts" and "develop a legislative agenda" in concert with the CTO, CIO, and a slew of other officials. However, Hathaway did recommend that the new official develop a comprehensive cybersecurity strategy for the president to consider.
Another priority for the cybersecurity coordinator, Obama said, will be to lead the government response to major cyberattacks. There has been some lack of clarity here over the years, as the Department of Defense, Department of Homeland Security, and National Security Agency have variously claimed rank on response to cyberattacks, recently causing Rod Beckstrom, director of the National Cyber Security Center at the Department of Homeland Security, to resign.
It's unclear when Obama will name the new cybersecurity adviser. Names that have been bandied about include Hathaway; Microsoft VP Scott Charney; and Paul Kurtz, former White House Homeland Security Council senior director for critical infrastructure protection.
Black Hat is like no other security conference. It happens in Las Vegas, July 25-30. Find out more and register.