What's Happening in Information Security

Making decisions on what to prioritize, how much to spend on enterprise security is often motivated by fear - fear of headlines, fear of audit results, fines or legal action. In the second part of this series on cybersecurity and the new Coordinator, Howard Schmidt, Warren Axelrod shares his hopes for Schmidt, his concerns for how fragile the security of the world really is and what we can expect.

From the desk of Warren Axelrod:  Perhaps the real problem with advocating cyber security measures is that fear of a cyber event is much less horrific in people’s minds than a physical terrorist attack in which individuals are injured or killed. It is extremely difficult to convince policy makers and those controlling the purse strings that the economic impact of a major cyber attack might be far greater than for a physical attack, and understandably so. In this regard, the new national cyber security coordinator has his work cut out for him.

 

I think that it is very important to recognize that Mr. Schmidt’s position is that of a coordinator, not a “czar.” That is to say, he is tasked with bringing all the various pockets of expertise and capability together to address the challenge of protecting the Nation’s critical cyber infrastructure. The expectation of previous incumbents in the so-called cyber security czar role was to have the power and the resources to effect progress in the back-sliding effort of the United States in protecting its cyber environment. However, the resources lie elsewhere, as was graphically depicted in Rod Beckstrom’s leaked letter of resignation, which you can read at http://epic.org/linkedfiles/ncsc_directors_resignation1.pdf 

In short, Mr. Beckstrom expressed disappointment that he was unable to assemble a large enough group to achieve what he believed he had been expected to accomplish.

 

Given that the now-defined role of Cyber Security Coordinator is one of bringing together all the various interests and capabilities within and between government and the private sector, I happen to believe that Howard Schmidt is particularly well qualified for the job.

More than anyone else whom I know, Howard has experience in many segments of the public and private sectors in many roles and with varied responsibilities. His résumé is outstanding in this regard. Not only has he actually worked in the private sector, for Microsoft and eBay, but he has experienced first-hand a White House role (along with Richard Clarke). In addition, he has served the information security profession well as a leader of organizations such as the ISSA and ISF. There is no question in my mind as to his outstanding commitment to the information security profession and the protection of the Nation’s cyber infrastructure.

 

The issue on the table is whether he can be effective in what I consider to be our last remaining opportunity to shore up the networks and systems upon which we have become so dependent.

Tell us what you think about Howard Schmidt's chances and check back here tomorrow for the conclusion of this series on cybersecurity.