[Infowarrior] - Obama Cyber Czar Digs in For Long Haul

[Richard Forno]

www.esecurityplanet.com/news/article.php/3861231

Obama Cyber Czar Digs in For Long Haul
By Kenneth Corbin
January 27, 2010

WASHINGTON--Barely one month into the job, Howard Schmidt is getting  
an idea of just how big a task he has ahead of him.

Schmidt, whom President Obama tapped late last year to serve as the  
administration's senior director for cybersecurity, today laid out an  
ambitious agenda for revamping the government's approach to shoring up  
the country's digital infrastructure.

For the seven months that the position remained unfilled, observers  
opined about the difficulty the individual selected would encounter in  
trying to bring together the various federal agencies, Congress and  
the military to develop a coherent cybersecurity strategy.

But Schmidt, a former top executive at Microsoft (NASDAQ: MSFT) and  
eBay (NASDAQ: EBAY) who has also headed up cybersecurity under the  
Bush administration, made it plain today that he has the mandate to do  
the job.

"The president's been very, very clear in designating me as his lead  
policy official in cyberspace security in the federal government,"  
Schmidt said in a speech here at the State of the Net conference, an  
annual tech policy event hosted by the Congressional Internet Caucus.

In large measure, Schmidt's address today mirrored the plan Obama laid  
out in May, when he released the results of a sweeping cybersecurity  
review he commissioned early in his tenure and announced his plans to  
create the cyber coordinator position.

Like Obama, Schmidt stressed that cybersecurity is as much a security  
priority as it is an economic one, particularly as digital networks  
increasingly become the backbone for global commerce. That belief is  
reflected in Schmidt's dual reporting structure, as he serves on both  
the National Economic Council and national security staff.

As Schmidt circulates around Washington taking in briefings and  
meeting with agency and legislative staffers, he is laying the  
groundwork for what is intended to be a coordinated defense and  
response plan. He said he hopes to ensure that plan "also includes  
making sure we translate the strategy from the high-level points in  
any strategy to how do we execute."

A part of that execution strategy will be a vigorous public education  
campaign to promote cybersecurity awareness.

Schmidt also said the administration is taking a particularly hard  
look at the supply chain in an effort to firm up U.S. systems,  
describing the complex global network through which electronic  
components-which could come pre-loaded with vulnerabilities-enter the  
country as a "spider web."

But at the same time, he is pragmatic enough to acknowledge that words  
like "perfect" or complete" don't apply to cybersecurity.

"We will never have 100 percent absolute security and still have an  
open society," Schmidt said. "There's no way you can look at absolutes  
in this space."

In addition to coordinating among government institutions, Schmidt is  
also trying to widen the bridge between the public and private  
sectors. That includes devising new methods for sharing threat  
information and pooling resources, as well as outreach programs to  
ensure that businesses of all sizes are taking security seriously  
without breaking their budgets just to shore up their systems.

Schmidt also spoke of the administration's commitment to protect  
digital infrastructure without compromising citizens' privacy.

"Privacy and security are two sides of the same coin," he said.  
"Without security we have no privacy."