December 10th, 2008

Placing bets on proposed cyberczar position

Posted by Richard Koman @ December 10, 2008 @ 8:28 AM

Categories: Obama

Tags: Cybersecurity, CRN, Powell, Government, Security, Richard Koman

President-elect Obama should appoint a Center for Cybersecurity Operations and appoint a cyberczar to oversee its operations, according to a report by the U.S. Commission on Cybersecurity. According to Business Week:

Active policing of government and corporate networks would include new rules and a “red team” to test computers for vulnerabilities now being exploited with increasing sophistication and frequency by identity and credit card thieves, bank fraudsters, crime rings, and electronic spies.

And this is on top of the proposed national CTO. So who would be the new cyberczar? CRN has an admirable list, notable for not throwing out marquee names like Bill Joy but focused on people in the security trenches. Among their short list:

• Symantec CEO John Thompson, with 10 years experience of managing top security researchers.
• Richard Clarke, famously fired counter-terrorism expert.
• Howard Schmidt, who’s served in cybersecurity roles in government and at eBay and Microsoft.
• Scott Charney, head of Microsoft’s Trustworthy Computing Group.
• Colin Powell. OK, not all of CRN picks are sensible and non-marquee. Powell’s name is just being thrown around because so many people want to resurrect his legacy with a post in the new Administration.
• Patrick Fitzgerald, who just delivered indictments of Illinois governor Rod Blagojevich, is another marquee name who makes no sense as a cybersecurity czar. He’s a prosecutor, not a bureaucrat.

The job will require top technology chops and the ability to successfully bring multiple agencies to the table, to coordinate, to agree on standards, to interact with the private sector much more than ever before. Thus, I like a seasoned technology manager from the corporate world with extensive government contacts, someone who understands security, understands management, understands both the government and the private sector. So far, that sounds like Thompson, but there are some other good corporate names floating around as well.