Thursday marks a dubious anniversary in the Homeland Security Department's brief history. A year ago Secretary Michael Chertoff, as part of a department-wide restructuring, announced he would appoint an assistant secretary for cybersecurity and telecommunications. Today that position remains unfilled.
Chertoff elevated the position of national cybersecurity czar from a director-level position to that of an assistant secretary. This would give cybersecurity protection a higher profile within the Department of Homeland Security and give the person in charge of cybersecurity the ear of the undersecretary of the Preparedness Directorate, a level of access surpassing what was available to previous cybersecurity czars.
Under Chertoff's plan, the assistant secretary for cybersecurity and telecommunications would be responsible for identifying and assessing the vulnerability of critical telecommunications infrastructure and assets. The assistant secretary would also be called upon to gather critical-infrastructure threat information and lead the national response to cyber and telecommunications attacks.
Of course, Homeland Security needs to fill the post first. "I'm without an excuse or a reason as to why this hasn't been done," says Paul Kurtz, executive director of the Cyber Security Industry Alliance and a former member of the Bush White House's National Security Council.
The highest-ranking cybersecurity official in the government is Andy Purdy, acting director for the National Cyber Security Division, and he functions several rungs on the Homeland Security organizational chart below the secretary. One of Purdy's predecessors, Amit Yoran, was in September 2003 appointed by then-Secretary Tom Ridge as director of the National Cyber Security Division. Within a year, Yoran, a former VP with Symantec, resigned in frustration over what he considered a lack of attention paid to computer security issues within the agency.
For Chertoff to create a high-level cybersecurity position but neglect to fill that position after a year indicates that the Bush administration places a higher value on physical security than it does on the nation's information infrastructure. Meanwhile, the country lacks a leader with the clout to coordinate communications in the event of a massive IT disruption. "We don't have an established strategy for how we will communicate with each other in the event of an emergency," Kurtz says, citing the federal government's slow response last year to Hurricane Katrina.
While Homeland Security has yet to fill its highest-level technology position, the Commerce Department Thursday announced that Undersecretary for Technology Robert Cresanti is taking on the added role of Chief Privacy Officer. Cresanti becomes the highest-ranking Chief Privacy Officer in the federal government and will oversee departmental activities related to the development and implementation of federal privacy laws, policies, and practices. Cresanti is also expected to coordinate his work with that of the department's newly appointed CIO, Barry West.