As the Department of Homeland Security prepares to name a leader for its National Cyber Security Division, observers in Washington and the private sector say DHS hiring process has set up the new NCSD head to fail.
"Its been the most closed process Ive ever seen," said Harris Miller, president of the Information Technology Association of America, in Arlington, Va. "They asked for names, and we gave them some, but theres been no rebound. Its not clear how much respect security has in this administration."
From the time DHS Secretary Tom Ridge announced the creation of the NCSD in June, the security community has been buzzing with speculation about who would be picked to lead the division. DHS officials asked industry leaders to recommend candidates and promised to ask for feedback as they continued to narrow the pool. Many people praised the department for seeking outside input.
However, DHS officials never got back to any of the people who recommended candidates, and several people who were at the top of many lists for the job said they never heard from the department. With the search dragging on for more than two months so far, the shroud of secrecy has baffled many in the security community with whom the NCSD head will need to work closely.
In a television appearance last week, Ridge said that the appointment was imminent. "That name has been submitted to the White House, and it should be filled shortly," Ridge said, declining to name the candidate.
Among the people whose names are often mentioned in connection with the NCSD job is Guy Copeland, vice president of infrastructure protection programs at Computer Sciences Corp., in Falls Church, Va. Copeland said he was never contacted by DHS. Another, Mary Ann Davidson, chief security officer at Oracle Corp., in Redwood Shores, Calif., said she was approached by the department but told them she was not interested.
Another name that has surfaced recently is that of Amit Yoran, vice president of managed security services operations at Symantec Corp., in Cupertino, Calif. Yoran is a veteran of the Department of Defense, where he ran the Vulnerability Assessment and Assistance Program, and was president and CEO of Riptech Inc. when Symantec acquired the company last year.
Officials at DHS, in Washington, did not return calls for this story. But some former Bush administration officials criticized the DHS cyber-plan for lacking in specificity.
"The question is will [the NCSD head] be empowered to implement the national strategy and have the standing within the department to revitalize the public/ private cyber-partnership," said Roger Cressey, former chief of staff for the Presidents Critical Infrastructure Protection Board and now president of Good Harbor Consulting LLC, in Arlington, Va. "The IT industry has made it pretty clear to us that the administration sent several bad signals: no replacement for [former cyber-security chief Richard Clarke], creation of a cyber-division only after criticism and really nothing accomplished on the cyber-strategy since its publication. This explains why many people were reluctant to be considered for the job."
Part of the reason for the concern in the security community is the already- tenuous relationship between the government and private security companies and executives. The government has said it wants to improve relations, but the way DHS handled the NCSD hiring process has done nothing to aid that cause, sources in the security community said.