Position's direct line to the president would give cybersecurity more clout, but how much is unclear.
Barack Obama's pledge on Thursday to appoint, if elected president, a national cyber adviser who will report to him directly would be in sharp contrast to the strategy taken by the Bush administration, who many criticize for burying the cyber chief deep within the Homeland Security Department.
Comment on this article in The Forum."As president, I'll make cybersecurity the top priority that it should be in the 21st century," Obama said during a summit on national security at Purdue University. "I'll declare our cyber-infrastructure a strategic asset, and appoint a national cyber adviser, who will report directly to me. We'll coordinate efforts across the federal government, implement a truly national cybersecurity policy and tighten standards to secure information -- from the networks that power the federal government to the networks that you use in your personal lives."
Obama's recommendations are similar to those made by security analysts and former cybersecurity officials in the Bush administration, and perhaps are due in part to his dream team advising him in this area, said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies and a Clinton administration technology policy official.
Among those advising Obama on security is Richard Clarke, former counterterrorism czar in the Clinton and Bush administrations. He and others have publically criticized the White House for not making cybersecurity a priority, and for limiting the amount of authority the position has had over governmentwide cybersecurity policy.
The top cybersecurity position in government has risen in stature in the Bush administration, albeit slowly. Gregory Garcia, assistant secretary of cybersecurity and telecommunications, reports to Robert Jamison, undersecretary for the National Protection and Programs Directorate. Jamison reports to Homeland Security Secretary Michael Chertoff, who reports to President Bush. Three steps away from the president.
Before Garcia's appointment in September 2006, the post was vacant for two years. At the time, the position carried the title of director of the national cybersecurity division and reported to the assistant secretary of infrastructure protection, which is one level down from reporting to the undersecretary.
Amit Yoran held that position for only one year, leaving Sept. 30, 2004. Security analysts familiar with the situation said Yoran left because he was frustrated by not being able to institute changes. Yoran, who is currently chief executive officer of NetWitness, a network security company, says elevating the cybersecurity chief to report to the president gives security officials more leverage.
"If you have a special adviser to the president say, 'This is the way we're going to address incident response concerns across the government,' people listen and execution happens," he said. The appropriate person for the position would need expertise in cybersecurity as well as experience maneuvering within the Washington bureaucracy, Yoran added.
Cybersecurity, Yoran said, should have a higher profile in the next administration. "This is a growing and evolving issue, as we adopt technology to make government more efficient," he said. "It's not that cybersecurity has been ignored, but there was a point in time where damage was done. We're hopefully seeing a candidate seize this as an opportunity to provide a more strategic, better coordinated effort."
Obama didn't offer details on how a cybersecurity adviser would work within his administration if elected. His security plan includes the appointment of a White House coordinator for nuclear security, but Obama gave no indication that the national cyber adviser would work within the White House.
"They were intentionally ambiguous, [providing] some wiggle room," Lewis said. "This position could sit at DHS, but still report to the president. The plans are careful to not place them in the White House."
Still, having the president's ear might not be good enough to effect change if authority and influence don't come with the job, said Bruce McConnell, who served three administrations as an adviser on national information society issues. He and Yoran recommended that the adviser hold a senior-level position within the National Security Council, which is the president's principal forum for considering national security and foreign policy issues with senior advisers and Cabinet officials. The council also helps coordinate policies among federal agencies.
"To be effective, the adviser must be hard-wired into the decision structure," said McConnell, now president of consulting firm McConnell International.