Imagine a systematic way of securing the enterprise or protecting information assets. Could it be that enterprise security will always be reactive? Is it far fetched to think that proactive practices to protect information assets might be the norm in the future? Warren Axelrod shares some insights on cybersecurity, Obama's new cyber chief - Howard Schmidt and his hopes for Schmidt, and the impact he can have on security programs across the board. This is the first of a two part feature from the desk of Warren Axelrod:
If the recent airplane terrorist incident is any indication, we continue to forge ahead with our security programs, in both physical and cyber worlds, with our eyes and minds concentrating on the rear view mirror. Consequently I was pleased to see that the December 29, 2009 New York Times featured an Op-Ed article, “After Eight Years, Terrorists Still Fly,” by Clark Kent Ervin (any relation to Superman?). As Mr. Ervin, who was Inspector General for both the Departments of State and Homeland Security, aptly states with respect to airline terrorism:
“We always seem to be at least one step behind the terrorists. They find one security gap … and we close that one, and then wait for them to exploit another. Why not identify all the vulnerabilities and then address each one before the terrorists strike again?”
This is at least equally the case with cyber security. My co-editors, Jennifer Bayuk and Dan Schutzer, and I drew attention to this in our book, Enterprise Information Security and Privacy (Artech House, 2009). The book is featured in the Intellitactics podcast “Busting Security Myths” available at www.intellitactics.com/int/research/podcasts.asp. My favorite quote, which was used in the book, is by Marshall McLuhan, who said:
“Our Age of Anxiety is, in great part, the result of trying to do today’s job with yesterdays tools and yesterday’s concepts.”
So what does this all have to do with Howard Schmidt?
Howard was appointed to the role of Cyber Security Coordinator by the Obama Administration on December 22, 2009, following a prolonged search beginning on May 29, 2009. On that day President Obama announced the position in a much-heralded speech on cyber security. While I don’t have any inside information on this, I would guess that some of the delay resulted from having to decide whether the cyber security position should report to the National Economic Council (NEC) as well as to the National Security Council (NSC).
I was pleased to see that the eventual position does not matrix report to White House economic advisor Larry Summers, head of the NEC, since I (as someone with a Masters degree in economics) question whether many economists really understand information technology and security issues. However, it should be noted that, in a December 21, 2009 article in The Huffington Post, with the title “Howard A. Schmidt Tapped To Be Obama’s Cybersecurity Czar,” Lolita C. Baldor reports that “Schmidt will … closely support the National Economic Council on cyber issues.” The article also points out that Larry Summers reportedly preferred candidate Schmidt.
While we don’t know exactly what the relationship will be, I believe that it is appropriate that the role supports the NEC but is not guided by it. We shall have to wait to see what happens in this regard.
What do you think Howard Schmidt's top priority should be? Check back tomorrow for more on cybersecurity, Schmidt and more.
Powered by Compendium Blogware
Comments for Terrorists Still Fly and Other Cybersecurity Lessons