Cybersecurity czar's first task: reboot policy

The Obama White House Tuesday named former Bush aide, Howard Schmidt, as cybersecurity 'czar.' Cyber attacks from within and outside the country pose a growing threat to the US.

December 22, 2009

Newly named cybersecurity "czar” Howard Schmidt, a former executive at eBay and Microsoft, faces the task of reengineering US policy to combat a growing, yet often neglected, threat to the country’s economy and digital infrastructure.

The need for a stronger US cyber-defense policy was highlighted Tuesday by reports that Citibank reportedly lost tens of millions of dollars to Russian computer hackers over the summer. The Wall Street Journal reported that the attack was detected by US investigators “who saw suspicious traffic coming from Internet addresses that had been used by the Russian Business Network, a Russian gang that has sold hacking tools and software for accessing US government systems.” Citibank has denied any breach of security.

“People don’t realize the extent to which the US is being hurt in cyberspace, and it’s mainly economic espionage,” says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. “This is an intelligence battle and it’s a battle with criminals and it’s a battle with other countries.”

Earlier this year, Defense Secretary Robert Gates told “60 Minutes” that the US "is under cyber-attack virtually all the time, every day." The Pentagon is increasing its effort to combat cyber attacks.

A priority for Obama

President Obama made cybersecurity a national priority early in his administration and in May issued a review of current policy in which he called for the appointment of a new cyberczar. In his May 8. speech on the issue, Mr. Obama said cybercrimes have cost Americans $8 billion. "In one brazen act last year, thieves used stolen credit card information to steal millions of dollars from 130 ATM machines in 49 cities around the world -- and they did it in just 30 minutes," he said.

Mr. Schmidt, who will be a member of the National Security Staff, also served as President George W. Bush’s cyberadviser. He was part of a team that helped formulate national cybersecurity policy that experts and the Obama administration say is outdated and in dire need of an overhaul to keep pace with the current threat. The Washington Post reports that Schmidt left the Bush White House because he was "frustrated" that cybersecurity wasn’t being given enough attention.

In crafting a new direction, the Obama administration has called for greater partnerships with the international community as well the private sector to bolster cybersecurity.

Experts have called for more incentives for private industry to increase safeguards of their data and to regularly report incursions into their systems so that federal agencies can track hacker attacks. There's also a need for personal Internet users to be more security conscious, they say, so that their computers do not become infected with viruses that can quickly spread through the Internet.

Delay in finding 'czar'

Many experts were surprised it took seven months since the president’s policy review to appoint a coordinator. Melissa Hathaway, who served as the acting senior director for cyberspace on the National Security Council, reportedly resigned over the delay. Forbes reported in July that as many as three candidates turned down the job.

“[A]t least three people were informally offered the cyber czar post and turned it down, including former Virginia Sen. Tom Davis, Microsoft security executive Scott Charney and Good Harbor Consulting Executive Paul Kurtz,” Forbes reported, after speaking to officials. One reason the czarship has remained unfilled may be that the position has taken a back seat to the economy, the magazine said.

Despite the delay, Mr. Lewis, the cybersecurity expert, says Schmidt has the credentials the White House was looking for – a broad range of both private industry and government experience. (Click here to read more about his background).

Lewis expects him to make working with private sector on new security solutions a priority. “That’s one thing Howard is really good at. He’s a great evangelist. I think we’ll get a lot nudging.”

---

Follow us on Twitter.