Feds eye new cybersecurity post

For the last few years, it hasn't always been clear who in the U.S. government is responsible for overseeing national "cybersecurity" efforts--and how long that person will stick around.

First there was Richard Clarke, a veteran of the Clinton and first Bush administrations who left the post with a lucrative book deal. Clarke effectively was succeeded in quick succession by Howard Schmidt, known for testifying in favor of the Communications Decency Act, then Amit Yoran and Robert Liscouski.

Now Congress may try to quell some of the turmoil over at the Department of Homeland Security by creating a more prestigious post. On Tuesday, the House of Representatives is scheduled to begin deliberating a proposal for an assistant secretary for cybersecurity.

The position, long a favorite of congressional security hawks, would require an appointment by the president and confirmation by Congress. Whoever fills it will be responsible for coordinating with other federal agencies, some of which have had spotty records in the past.

In a recent interview with CNET News.com, Rep. Chris Cox, a California Republican, said today's cybersecurity post needs a promotion. "That's of course something that we have been pushing hard for in the Homeland Security committee over the last two years, elevating the profile of cyber inside the Department of Homeland Security and inside the federal government."

According to the House bill, the assistant secretary would be charged with creating a "national cybersecurity response system" that would evaluate U.S. critical infrastructure and "aid in the detection and warning of attacks" on it.

Currently the department's chief cybersecurity official is a low-to-mid-level official who is two levels of bureaucracy removed from Secretary Michael Chertoff. An assistant secretary would have more access to Chertoff.

The assistant secretary proposal is part of a broader homeland security bill for the 2006 fiscal year. It also requires the department to establish a National Terrorism Exercise Program to "prevent" and "recover from" terrorist acts, including cybersecurity breaches.

[Titos 2 Cents]

It's about time

The cybersecurity post should have a higher priority than it has been given, particularly with the dramatic growth of technology as it relates to communications, classified information transfer, data storage, and access. This holds true for government and commercial activities.

Whoever gets the nod for the new post has quite the uphill battle. Hopefully they will go beyond industry experts and commercial solution providers and get some input, however subjective, from the trenches. Talk with the folks who peruse Astalavista and the other "security" portals - there is a valuable untapped resource that could be providing tomorrow's solutions. You can be sure that they are undoubtedly educating tomorrow's problem.