recommended reading

Security analysts praise Obama's pledge for a cyber chief

Barack Obama's pledge on Thursday to appoint, if elected president, a national cyber adviser who will report to him directly would be in sharp contrast to the strategy taken by the Bush administration, who many criticize for burying the cyber chief deep within the Homeland Security Department.

Comment on this article in The Forum."As president, I'll make cybersecurity the top priority that it should be in the 21st century," Obama said during a summit on national security at Purdue University. "I'll declare our cyber-infrastructure a strategic asset, and appoint a national cyber adviser, who will report directly to me. We'll coordinate efforts across the federal government, implement a truly national cybersecurity policy and tighten standards to secure information -- from the networks that power the federal government to the networks that you use in your personal lives."

Obama's recommendations are similar to those made by security analysts and former cybersecurity officials in the Bush administration, and perhaps are due in part to his dream team advising him in this area, said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies and a Clinton administration technology policy official.

Among those advising Obama on security is Richard Clarke, former counterterrorism czar in the Clinton and Bush administrations. He and others have publically criticized the White House for not making cybersecurity a priority, and for limiting the amount of authority the position has had over governmentwide cybersecurity policy.

The top cybersecurity position in government has risen in stature in the Bush administration, albeit slowly. Gregory Garcia, assistant secretary of cybersecurity and telecommunications, reports to Robert Jamison, undersecretary for the National Protection and Programs Directorate. Jamison reports to Homeland Security Secretary Michael Chertoff, who reports to President Bush. Three steps away from the president.

Before Garcia's appointment in September 2006, the post was vacant for two years. At the time, the position carried the title of director of the national cybersecurity division and reported to the assistant secretary of infrastructure protection, which is one level down from reporting to the undersecretary.

Amit Yoran held that position for only one year, leaving Sept. 30, 2004. Security analysts familiar with the situation said Yoran left because he was frustrated by not being able to institute changes. Yoran, who is currently chief executive officer of NetWitness, a network security company, says elevating the cybersecurity chief to report to the president gives security officials more leverage.

"If you have a special adviser to the president say, 'This is the way we're going to address incident response concerns across the government,' people listen and execution happens," he said. The appropriate person for the position would need expertise in cybersecurity as well as experience maneuvering within the Washington bureaucracy, Yoran added.

Cybersecurity, Yoran said, should have a higher profile in the next administration. "This is a growing and evolving issue, as we adopt technology to make government more efficient," he said. "It's not that cybersecurity has been ignored, but there was a point in time where damage was done. We're hopefully seeing a candidate seize this as an opportunity to provide a more strategic, better coordinated effort."

Obama didn't offer details on how a cybersecurity adviser would work within his administration if elected. His security plan includes the appointment of a White House coordinator for nuclear security, but Obama gave no indication that the national cyber adviser would work within the White House.

"They were intentionally ambiguous, [providing] some wiggle room," Lewis said. "This position could sit at DHS, but still report to the president. The plans are careful to not place them in the White House."

Still, having the president's ear might not be good enough to effect change if authority and influence don't come with the job, said Bruce McConnell, who served three administrations as an adviser on national information society issues. He and Yoran recommended that the adviser hold a senior-level position within the National Security Council, which is the president's principal forum for considering national security and foreign policy issues with senior advisers and Cabinet officials. The council also helps coordinate policies among federal agencies.

"To be effective, the adviser must be hard-wired into the decision structure," said McConnell, now president of consulting firm McConnell International.

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.