Experts fear securing digital infrastructure may be less of a federal priority
White House cybersecurity adviser Howard Schmidt will step down from his post at the end of the month. The move comes only two months after Richard Clarke resigned as special adviser to the president for cyberspace security, shortly after the release of the Bush administration's strategy to secure cyberspace. Security analysts and vendors worry that cybersecurity is less of a priority for the federal government and that there will be no single administration official focused on getting the private and public sectors working together to secure the nation's digital infrastructure.
"It's a revolving door at the top," says Pete Lindstrom, research director at Spire Security. "Is that indicative of the lack of authority of the position?"
The top cybersecurity official in the administration after Schmidt's expected departure will be Robert Liscouski. As assistant secretary of infrastructure protection at the Homeland Security Department, Liscouski has responsibility for securing both the country's physical and digital infrastructures.
Maria Cirino, CEO of security-services firm Guardent Inc., says cybersecurity is unique and critical enough to deserve its own high-level advocate. "Ultimately, this needs dedicated cabinet-level attention," she says. While both Schmidt and Clarke brought attention to the critical issue of securing cyberspace, Cirino would like to see that effort continued with the federal government adding legislative teeth that would force companies to pay more attention to securing their networks. "We see how serious companies affected by [the Health Insurance Portability and Accountability Act] and [Gramm-Leach-Bliley Act] take information security," she says.
Top-level turnover indicates a lack of clout to effect real change, says Spire Security's Lindstrom. "They tried to create a position that held responsibility, but not necessarily any authority," he says. This is the same challenge many chief information security officers face. "Outside of financial services, most CISOs don't have authority to secure specific platforms," Lindstrom says. "They have responsibility for the security, but no authority to put in operational control measures."
The Department of Homeland Security has brought many groups responsible for IT security under its fold. The Critical Infrastructure Assurance Office is now within the Information Analysis and Information Protection Directorate, as is the National Infrastructure Protection Center and the Federal Computer Incident Response Center.
Liscouski is in a good position to coordinate the country's cybersecurity efforts, says Thomas Noonan, chairman, president, and CEO of Internet Security Systems Inc., a security services and software provider. Noonan sits on the National Infrastructure Advisory Committee, which makes recommendations to the president about the security of the nation's information systems. "Schmidt built the momentum, but in the long term, the critical infrastructure is so intertwined with cybersecurity that it's impossible to separate the two," Noonan says.
However, some still wonder about the feds' depth of commitment to securing the country's digital infrastructure. Says Guardent's Cirino: "This high-profile departure, without much information about who will be filling it, has a lot of people worried that cybersecurity is losing focus within the administration."
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.