National cybersecurity coordinator choice widely applauded

Editor's note: This story has been revised since its original publication.

Former industry and government cybersecurity official Howard Schmidt will be a good national cybersecurity coordinator, according to many in the information technology industry. President Obama appointed Schmidt to the post today, seven months after first announcing the creation of the position.

“I couldn’t be happier,” said Roger Thornton, chief technology officer of Fortify Software, where Schmidt sits on the board of directors.

In the months since Obama first announced the position, rumors have circulated about a number of public- and private-sector officials as potential candidates for the job, including several powerful corporate chief executives and lawmakers, incuding former Rep. Tom Davis, a Virginia Republican who chaired the House Government Reform Committee during much of the George W. Bush administration.

“But the thing that Howard brings is that he has been in government on the [Defense Department] side and in the executive branch for years, and he has had some high-profile security jobs in industry and headed up industry associations,” Thornton said. “You need someone with enough government experience to be trusted, but enough industry experience to understand the problems.”

However, the timing of the announcement -- three days before Christmas -- raised the eyebrows of Jim Ivers, chief marketing officer for Triumfant.

"The way it has been handled is an indication of a lack of urgency within the administration," Ivers said. "It feels like they tried to slip it in."

Schmidt was cybersecurity adviser during the Bush administration, and before that was chief information security officer (CISO) at Microsoft and at eBay. He also served in the Air Force and has worked with the FBI, and currently is president of the Information Security Forum.

In his new role, Schmidt will report to John Brennan, assistant to the president for homeland security and counterterrorism; Brennan said that the coordinator will have regular access to the president and will be a key member of the national security staff. Schmidt also will work closely with the White House economic team, headed by economic adviser Lawrence H. Summers.

In announcing the appointment, Brennan called Schmidt “one of the world’s leading authorities on computer security, with some 40 years of experience in government, business and law enforcement,” and said he would “have the important responsibility of orchestrating the many important cybersecurity activities across the government.”

The breadth of the new position’s responsibilities — and the fact that the coordinator will be reporting to Brennan and Summers rather than directly to the president — reportedly made many candidates for the job leery about accepting it.

Ivers said he does not know Schmidt, but that the general reaction to him indicates he was a good choice for the position of coordinator. But he questioned the support he would have within the White House.

"There is a lot that could be done if the person has the right power," Ivers said. "There have always been a concern that the position would not have enough power or scope to make a difference. If I were taking the position, I would want the full faith and credit of the president of the United States behind me to take the job."

That faith was not demonstrated by the choice of dates on which the new position was announced -- the Friday before the Memorial Day weekend -- and on which the appointment was made, he said. "As a marketing person, I would never bury something I thought was important on the Tuesday before Christmas," he said. "I just don't see the president standing up behind this whole process."

Alan Paller, director of research at the Sans Institute, said that Schmidt is an appropriate choice to overcome the perceived difficulties of the job.

“Howard is going to surprise a lot of people in Washington,” Paller said. “He had extraordinary successes as CISO at Microsoft at a time when security wasn't very high on most of the Microsoft officers' priority lists.”

Paller said Schmidt has demonstrated the ability to create the necessary support to overcome organizational resistance and get things done. His previous experience in the White House trenches should also stand him in good stead in his current position, he said.

“He's already been burnt badly by overzealous White House Council of Economic Advisors staff members when they emasculated the original draft of the National Strategy to Secure Cyber Space,” Paller said. “So I expect he wouldn't have taken the job without getting some assurance that Larry Summers will not veto any initiatives that ask industry to ensure the security of the products and services they sell or the security of the power and communications networks.”

Rep. Jim Langevin (D-Mich.), who co-chaired the Center for Strategic and International Studies' Commission on Cybersecurity for the 44th Presidency, said he will try to work with Schmidt to implement the recommendations that that effort produced. "Cybersecurity is among the most serious economic and national security challenges we will face in the 21st century, and our nation must respond vigorously to threats against our cyber infrastructure." Langevin said in a written statement. "Today’s appointment should serve as a clear indication to both the public and private sectors of the seriousness and significance of this issue."

Phil Dunkelberger, CEO of PGP Corp. and chairman of the Cybersecurity CxO Council at the industry organization TechAmerica, said Schmidt has the right experience to coordinate the public-private cooperation that will be required in his job. Schmidt also sits on the PGP board.

“If you look at Howard’s skill set, it matches up to the three major initiatives of the Obama administration, all of which have a critical cyber component: The war in Iraq and Afghanistan, stimulating the economy and healthcare,” Dunkelberger said.

The national cyber coordinator’s job will be a delicate balancing act of ensuring that sensitive information is secure while at the same time stimulating innovation, and coordinating efforts across a broad range of civilian and military agencies.

“Howard can bridge these cross functional teams,” Dunkelberger said. “It will be important for Howard to immediately step in and develop a strong working relationship with DOD, [federal CIO] Vivek Kundra and [federal CTO] Aneesh Chopra. Howard’s familiarity with public sector, private sector, large vendors and small innovative companies should be a great asset to this unique position; one that will just expand as our nation’s dependency on cyber communications continues to grow.”

Reader Comments

Mon, Dec 28, 2009 IA Grunt

I am glad we have someone in this position as well, but is he results oriented? If not, we could have placed anyone with a seemingly perfect resume in this position as nothing more than a puppet/figurehead in order for the president to check a box that this was accomplished in 2009... I hope and pray he is a result oriented and makes a huge impact to the security within his first 90-days.

Wed, Dec 23, 2009 Observer jr Washington, DC

You say "widely applauded" in the headline? The evidence provided is: CEOs of two companies where he sits on the board of directors, someone who says he has the skills, a person suspicious of the timing of the announcement (with good reason)as a sign of low influence of the position, and someone noncommittal. Is it reasonable to say that the news-gatherer has actually taken the temperature of the community to justify the headline.

Wed, Dec 23, 2009

Is Jim Ivers always such a whiner? Who cares what date(s) the White House chose to announce the creation and filling of this groundbreaking position. Bottom line: We now have someone in place who will do an outstanding job. A flashier announcement would have just blared to our enemies, "Hey! Here's the guy you want to take out!" I say quiet is good.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above