Cybersecurity expert says White House lack of 'czar' is subpar
A Purdue University cybersecurity expert is skeptical that the new U.S. cybersecurity coordinator will have enough clout to serve as more than a glorified cheerleader with the way the White House has created the position.
Professor Eugene H. Spafford, executive director of the Center for Education and Research in Information Assurance and Security (CERIAS), says the coordinator will probably have no authority over budget and policy, and thus will have difficulty getting the attention of cabinet secretaries, agency heads and CEOs.
President Obama announced the creation of the position last Friday when releasing an administration report on national infrastructure and cybersecurity. Spafford says the president did well to highlight some of the major problems involved. However, Spafford said, President Obama's White House announcement falls short of candidate Obama's campaign promises first made at a town hall meeting at Purdue last year.
"The president said that the appointee will have 'regular access' to him. That is not the same as an adviser. And this is a difference that can mean a lot in Washington circles," Spafford said.
Spafford compared the position to a largely ineffectual position in the Bush administration in 2001. He fears the failure to announce an appointment indicates the White House may be having a difficult time filling the new position appropriately. He also has expressed concern that economic advisers will have veto authority over the new position.
"The risk to our nation's cybersecurity is not going to go away with a continuation of minimal investment and wishful thinking," Spafford said. "Given the current stress in the economy, I don't expect any meaningful actions to be approved that cost anything; we will still have the mindset that 'cheapest must be best' or 'it can wait a little longer.' That will simply make the problems more expensive and difficult to fix in later years."
Spafford has worked with government, law enforcement, corporate, and academic officials including two U.S. presidents, the FBI, departments of Justice and Energy, the U.S. Air Force, Microsoft, Intel, Unisys, and the National Science Foundation. He is the 2009 recipient of the Computing Research Association's Distinguished Service Award "for his long and effective leadership on issues of computer security and policy, professional responsibility, and the Internet." He has testified before Congress many times on cybersecurity and has been a source for the major U.S. television networks and media outlets such as The New York Times and Washington Post.