recommended reading

Security analysts praise Obama's pledge for a cyber chief

Barack Obama's pledge on Thursday to appoint, if elected president, a national cyber adviser who will report to him directly would be in sharp contrast to the strategy taken by the Bush administration, who many criticize for burying the cyber chief deep within the Homeland Security Department.

Comment on this article in The Forum."As president, I'll make cybersecurity the top priority that it should be in the 21st century," Obama said during a summit on national security at Purdue University. "I'll declare our cyber-infrastructure a strategic asset, and appoint a national cyber adviser, who will report directly to me. We'll coordinate efforts across the federal government, implement a truly national cybersecurity policy and tighten standards to secure information -- from the networks that power the federal government to the networks that you use in your personal lives."

Obama's recommendations are similar to those made by security analysts and former cybersecurity officials in the Bush administration, and perhaps are due in part to his dream team advising him in this area, said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies and a Clinton administration technology policy official.

Among those advising Obama on security is Richard Clarke, former counterterrorism czar in the Clinton and Bush administrations. He and others have publically criticized the White House for not making cybersecurity a priority, and for limiting the amount of authority the position has had over governmentwide cybersecurity policy.

The top cybersecurity position in government has risen in stature in the Bush administration, albeit slowly. Gregory Garcia, assistant secretary of cybersecurity and telecommunications, reports to Robert Jamison, undersecretary for the National Protection and Programs Directorate. Jamison reports to Homeland Security Secretary Michael Chertoff, who reports to President Bush. Three steps away from the president.

Before Garcia's appointment in September 2006, the post was vacant for two years. At the time, the position carried the title of director of the national cybersecurity division and reported to the assistant secretary of infrastructure protection, which is one level down from reporting to the undersecretary.

Amit Yoran held that position for only one year, leaving Sept. 30, 2004. Security analysts familiar with the situation said Yoran left because he was frustrated by not being able to institute changes. Yoran, who is currently chief executive officer of NetWitness, a network security company, says elevating the cybersecurity chief to report to the president gives security officials more leverage.

"If you have a special adviser to the president say, 'This is the way we're going to address incident response concerns across the government,' people listen and execution happens," he said. The appropriate person for the position would need expertise in cybersecurity as well as experience maneuvering within the Washington bureaucracy, Yoran added.

Cybersecurity, Yoran said, should have a higher profile in the next administration. "This is a growing and evolving issue, as we adopt technology to make government more efficient," he said. "It's not that cybersecurity has been ignored, but there was a point in time where damage was done. We're hopefully seeing a candidate seize this as an opportunity to provide a more strategic, better coordinated effort."

Obama didn't offer details on how a cybersecurity adviser would work within his administration if elected. His security plan includes the appointment of a White House coordinator for nuclear security, but Obama gave no indication that the national cyber adviser would work within the White House.

"They were intentionally ambiguous, [providing] some wiggle room," Lewis said. "This position could sit at DHS, but still report to the president. The plans are careful to not place them in the White House."

Still, having the president's ear might not be good enough to effect change if authority and influence don't come with the job, said Bruce McConnell, who served three administrations as an adviser on national information society issues. He and Yoran recommended that the adviser hold a senior-level position within the National Security Council, which is the president's principal forum for considering national security and foreign policy issues with senior advisers and Cabinet officials. The council also helps coordinate policies among federal agencies.

"To be effective, the adviser must be hard-wired into the decision structure," said McConnell, now president of consulting firm McConnell International.

Threatwatch Alert

Stolen laptop

Wireless Heart Monitor Maker to Pay $2.5M Settlement to HHS After Laptop Stolen

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.