[Infowarrior] - Deal for Cybersecurity Chief Questioned

Richard Forno rforno at infowarrior.org
Wed Jun 28 10:09:31 EDT 2006 

Deal for Cybersecurity Chief Questioned
http://www.washingtonpost.com/wp-dyn/content/article/2006/06/28/AR2006062800
240_pf.html

By TED BRIDIS
The Associated Press
Wednesday, June 28, 2006; 7:23 AM

WASHINGTON -- The Bush administration's cybersecurity chief is being paid
$577,000 under a two-year agreement with the university that employs him and
also does extensive business with the federal office he manages.

Donald "Andy" Purdy Jr. has been acting director of the Homeland Security
Department's National Cyber Security Division for 21 months. His contract,
which has drawn attention from members of Congress, is paying him more than
the $175,000 annual salary that Homeland Security Secretary Michael Chertoff
earns.

Purdy is employed by Carnegie Mellon University in Pittsburgh, which has
loaned him to the Homeland Security Department in exchange for the
government paying nearly all of his salary. Meanwhile, Purdy's cybersecurity
division has paid Carnegie Mellon $19 million in contracts this year, almost
one-fifth the unit's total budget.

Purdy said he has not been involved in discussions over his office's
business deals with the school.

Some lawmakers who oversee the Homeland Security Department questioned the
decision to hire Purdy as acting cybersecurity director. They noted enduring
criticism by industry experts and congressional investigators over the
department's performance on cybersecurity matters.

Purdy's contract "raises questions about whether the American people are
getting their money's worth," Democratic Reps. Bennie Thompson of
Mississippi and Loretta Sanchez and Zoe Lofgren, both of California, wrote
in a letter to Republicans.

Purdy, a longtime attorney who has held a number of state and federal legal
and managerial jobs, has no formal, technical background in computer
security.

His two-year contract expires in October, but he said it could be extended
two more years. Under the contract, the government pays Purdy $245,481 in
salary and benefits _ but not including travel reimbursements _ with
Carnegie Mellon paying $43,320. The Associated Press obtained a copy of
Purdy's contract.

Purdy said his salary was commensurate with those of some other government
contractors. Purdy works four levels below Chertoff within the Homeland
Security Department and controls a budget of roughly $107 million and as
many as 44 full-time federal employees.

"Frankly, it's a very competitive market place out there, and I could make a
lot more in the private sector," said Purdy, a former White House
cybersecurity adviser and the former top lawyer at the U.S. Sentencing
Commission.

Purdy's former boss and predecessor as cybersecurity chief, Amit Yoran,
earned $131,342 before he resigned abruptly in October 2004. Chertoff agreed
one year ago to create a position of DHS assistant secretary over
cybersecurity, but the job hasn't been filled.

"Andy has done a pretty good job under the circumstances, working in an
'acting' capacity and buried in the bureaucracy of the department," said
Shannon Kellogg, director of government affairs for RSA Security Inc., a
leading security firm. "He's had one of the tougher jobs in America."

Carnegie Mellon is highly regarded among experts who study hacker attacks
and software flaws. Its Software Engineering Institute works closely with
the Defense Department, which last year renewed a five-year, $411 million
contract with the research center.

The university declined to comment on Purdy's salary, citing employee
confidentiality. It said it has avoided discussing government contracts with
Purdy in his role as chief of the cybersecurity office that awards those
contracts.

The Homeland Security Department said Purdy consulted with ethics lawyers
when he signed his contract. Purdy is so assiduous about avoiding potential
conflicts that he leaves the room when employees discuss contracts related
to Carnegie Mellon's work, said one DHS official, who spoke on condition of
anonymity because this official is not authorized to speak with reporters.

Among other activities, Carnegie Mellon helps run the U.S. Computer
Emergency Response Team, which sends urgent e-mails to subscribers about
major virus outbreaks and other Internet attacks as they occur, along with
detailed instructions to help computer users protect themselves.

___

On the Net:

Homeland Security: http://www.dhs.gov

U.S. Computer Emergency Response Team: http://www.us-cert.gov

Carnegie Mellon Software Engineering Institute: http://www.sei.cmu.edu

More information about the Infowarrior mailing list