Cyber Eye: Let's hope cybersecurity becomes a campaign issue
On a recent flight I sat next to Sen. Bob Graham, the former Florida governor and Democratic presidential hopeful. I asked his opinion of the state of federal IT security.
'I'm going to do something a politician hates to do'admit ignorance,' Graham said. Then, in the best political manner, he turned the question around. 'What do you think?'
I told him, 'It's something you are going to have to deal with if you're elected.'
Making IT security a campaign issue could raise its profile in the next administration, regardless of who gets elected. Studies have repeatedly shown that poor security is primarily a management issue, not a technical one. The General Services Administration and the Office of Management and Budget agree that engaging management attention at the highest levels is crucial.
But attention seems to have drifted at the highest level of federal management, the White House.
Soon after the low-key February release of the National Strategy to Secure Cyberspace, its primary driver, Richard A. Clarke, resigned. The long-time White House adviser had chaired the President's Critical Infrastructure Protection Board.
His successor, vice chairman Howard Schmidt, had no chance to take the reins before the board was dissolved. Schmidt last month announced his intention to leave government.
So far, the White House seems to have no plans for replacing either of them.
The main element of the cyberspace strategy is cooperation between public and private sectors. But these recent events have observers complaining that the government doesn't seem to be pulling its weight.
The administration has said the primary focus for cybersecurity will be the new Homeland Security Department. But its attention, for now at least, is taken up by physical security.
OMB officials assure the public that they take seriously the responsibility for executive branch IT security. Yet Clarke and other observers have pointed out there is no one at HSD or OMB'or in the rest of the administration'whose job is exclusively IT security.
That's not to say they're ignoring IT security. But when attention is split between physical security and cyberspace, the physical demands will take precedence. A backlog of critical work will inevitably pile up.
The federal government has demonstrated that it's pretty good at securing secret systems. A visible presidential commitment could go a long way toward getting the resources to enforce IT security governmentwide.