Experts fear securing digital infrastructure may be less of a federal priority
White House cybersecurity adviser Howard Schmidt will step down from his post at the end of the month. The move comes only two months after Richard Clarke resigned as special adviser to the president for cyberspace security, shortly after the release of the Bush administration's strategy to secure cyberspace. Security analysts and vendors worry that cybersecurity is less of a priority for the federal government and that there will be no single administration official focused on getting the private and public sectors working together to secure the nation's digital infrastructure.
"It's a revolving door at the top," says Pete Lindstrom, research director at Spire Security. "Is that indicative of the lack of authority of the position?"
The top cybersecurity official in the administration after Schmidt's expected departure will be Robert Liscouski. As assistant secretary of infrastructure protection at the Homeland Security Department, Liscouski has responsibility for securing both the country's physical and digital infrastructures.
Maria Cirino, CEO of security-services firm Guardent Inc., says cybersecurity is unique and critical enough to deserve its own high-level advocate. "Ultimately, this needs dedicated cabinet-level attention," she says. While both Schmidt and Clarke brought attention to the critical issue of securing cyberspace, Cirino would like to see that effort continued with the federal government adding legislative teeth that would force companies to pay more attention to securing their networks. "We see how serious companies affected by [the Health Insurance Portability and Accountability Act] and [Gramm-Leach-Bliley Act] take information security," she says.
Top-level turnover indicates a lack of clout to effect real change, says Spire Security's Lindstrom. "They tried to create a position that held responsibility, but not necessarily any authority," he says. This is the same challenge many chief information security officers face. "Outside of financial services, most CISOs don't have authority to secure specific platforms," Lindstrom says. "They have responsibility for the security, but no authority to put in operational control measures."
The Department of Homeland Security has brought many groups responsible for IT security under its fold. The Critical Infrastructure Assurance Office is now within the Information Analysis and Information Protection Directorate, as is the National Infrastructure Protection Center and the Federal Computer Incident Response Center.
Liscouski is in a good position to coordinate the country's cybersecurity efforts, says Thomas Noonan, chairman, president, and CEO of Internet Security Systems Inc., a security services and software provider. Noonan sits on the National Infrastructure Advisory Committee, which makes recommendations to the president about the security of the nation's information systems. "Schmidt built the momentum, but in the long term, the critical infrastructure is so intertwined with cybersecurity that it's impossible to separate the two," Noonan says.
However, some still wonder about the feds' depth of commitment to securing the country's digital infrastructure. Says Guardent's Cirino: "This high-profile departure, without much information about who will be filling it, has a lot of people worried that cybersecurity is losing focus within the administration."
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.