Cyber Eye: Dueling proposals for improving cybersecurity
- By William Jackson
- Oct 20, 2004
Amit Yoran, then the Homeland Security Department's head of cybersecurity, attended a Sept. 30 event to kick off National Cybersecurity Awareness Month. Asked if the government had put a high enough priority on IT security, Yoran brushed aside the question without an answer.
The answer came later that day in the form of his resignation.
Yoran said publicly that it was time to pursue other interests. But he reportedly was frustrated by the administration's lack of attention to threats against the nation's information infrastructure.
Critics have complained since last year's departure of presidential adviser Howard Schmidt that the White House does not take cybersecurity seriously enough. Schmidt is returning to government, but this time as an adviser acting as a liaison between DHS and the private sector.
Yoran's former position, as director of the National Cyber Security Division in the Directorate of Information Analysis and Infrastructure Protection, is seen as far too low on the organizational chart to effect much change. There have been calls to put a top cybersecurity official back in the White House, closer to the presidential ear.
I'm not convinced that is the best way to improve the nation's cybersecurity posture. Regardless of an official's title or tenure, the White House is an inherently political place.
The president listens to what he wants to hear. An office in the Executive Office Building, or even in the West Wing, does not ensure that the president listens to an adviser's concerns. Inattention at the White House to science issues makes it likely that the position of presidential adviser on IT security would be a dead end.
A more promising solution was proposed last month in bipartisan House legislation. The Cybersecurity Enhancement Act, HR 5068, would create an assistant secretary for cybersecurity in DHS with broad responsibility for coordinating the department's IT security efforts.
The bill, introduced by Reps. Mac Thornberry (R-Texas), chairman of the Select Homeland Security Subcommittee on Cybersecurity, Science, and Research and Development, and ranking member Zoe Lofgren (D-Calif.), would give the proposed assistant secretary primary authority for the department's cybersecurity infrastructure protection programs. That includes response to attacks and restoration of systems, as well as oversight of the National Communications System. The bill is awaiting subcommittee action.
Some DHS employees have described the department as dysfunctional, and under the best of circumstances it would be hard to get a cabinet-level department of such size and complexity up and running in a couple of years. But even under less-than-perfect circumstances, a high-level departmental official with real authority would not have to vie for presidential attention to get things done.
Cybersecurity is too important to be subject to the whims of easily distracted politicians.
William Jackson is freelance writer and the author of the CyberEye blog.