recommended reading

Security analysts praise Obama's pledge for a cyber chief

Barack Obama's pledge on Thursday to appoint, if elected president, a national cyber adviser who will report to him directly would be in sharp contrast to the strategy taken by the Bush administration, who many criticize for burying the cyber chief deep within the Homeland Security Department.

Comment on this article in The Forum."As president, I'll make cybersecurity the top priority that it should be in the 21st century," Obama said during a summit on national security at Purdue University. "I'll declare our cyber-infrastructure a strategic asset, and appoint a national cyber adviser, who will report directly to me. We'll coordinate efforts across the federal government, implement a truly national cybersecurity policy and tighten standards to secure information -- from the networks that power the federal government to the networks that you use in your personal lives."

Obama's recommendations are similar to those made by security analysts and former cybersecurity officials in the Bush administration, and perhaps are due in part to his dream team advising him in this area, said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies and a Clinton administration technology policy official.

Among those advising Obama on security is Richard Clarke, former counterterrorism czar in the Clinton and Bush administrations. He and others have publically criticized the White House for not making cybersecurity a priority, and for limiting the amount of authority the position has had over governmentwide cybersecurity policy.

The top cybersecurity position in government has risen in stature in the Bush administration, albeit slowly. Gregory Garcia, assistant secretary of cybersecurity and telecommunications, reports to Robert Jamison, undersecretary for the National Protection and Programs Directorate. Jamison reports to Homeland Security Secretary Michael Chertoff, who reports to President Bush. Three steps away from the president.

Before Garcia's appointment in September 2006, the post was vacant for two years. At the time, the position carried the title of director of the national cybersecurity division and reported to the assistant secretary of infrastructure protection, which is one level down from reporting to the undersecretary.

Amit Yoran held that position for only one year, leaving Sept. 30, 2004. Security analysts familiar with the situation said Yoran left because he was frustrated by not being able to institute changes. Yoran, who is currently chief executive officer of NetWitness, a network security company, says elevating the cybersecurity chief to report to the president gives security officials more leverage.

"If you have a special adviser to the president say, 'This is the way we're going to address incident response concerns across the government,' people listen and execution happens," he said. The appropriate person for the position would need expertise in cybersecurity as well as experience maneuvering within the Washington bureaucracy, Yoran added.

Cybersecurity, Yoran said, should have a higher profile in the next administration. "This is a growing and evolving issue, as we adopt technology to make government more efficient," he said. "It's not that cybersecurity has been ignored, but there was a point in time where damage was done. We're hopefully seeing a candidate seize this as an opportunity to provide a more strategic, better coordinated effort."

Obama didn't offer details on how a cybersecurity adviser would work within his administration if elected. His security plan includes the appointment of a White House coordinator for nuclear security, but Obama gave no indication that the national cyber adviser would work within the White House.

"They were intentionally ambiguous, [providing] some wiggle room," Lewis said. "This position could sit at DHS, but still report to the president. The plans are careful to not place them in the White House."

Still, having the president's ear might not be good enough to effect change if authority and influence don't come with the job, said Bruce McConnell, who served three administrations as an adviser on national information society issues. He and Yoran recommended that the adviser hold a senior-level position within the National Security Council, which is the president's principal forum for considering national security and foreign policy issues with senior advisers and Cabinet officials. The council also helps coordinate policies among federal agencies.

"To be effective, the adviser must be hard-wired into the decision structure," said McConnell, now president of consulting firm McConnell International.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.