It's astonishing, but apparently no one wants to be the federal government's Cyber Czar... at least not for very long.
As first reported by AP yesterday, Silicon Valley entrepreneur Rod Beckstrom is walking away from the post after just a year on the job, the latest in a series of appointees to jump from the post after serving a relatively short tenure. Beckstom's official title was Director of the National Cybersecurity Center, a division of the Department of Homeland Security.
However, perhaps more outspoken than some of his predecessors, Beckstrom offered up some choice words as to just why the post was such a frustrating position to occupy on his way out the door. You can read the entire letter here as posted by Wired.
But long before the management guru's brief service as Cyber Czar began, the position had come under fire for being buried too far beneath other layers of DHS to gain sufficient influence necessary to see its agenda promoted aggressively. Former White House advisor Richard Clarke in fact turned down the job for those reasons before anyone had ever even manned the post.
But, while at the same time criticizing the current positioning of the NCSC, specifically its authority in relation to that of the National Security Agency, Beckstrom's list of the goals his five person team accomplished isn't actually that shabby, especially considering his contention that the group only received roughly five weeks of funding. Five weeks of funding!
I mean, can you blame the guy for leaving? He was brought in based on a specialty in bridging management gaps and fostering inter-organizational communications or something, he's not even a security expert.
Beckstrom also introduced a pretty important argument as part of his surprisingly positive tone in the letter, which is addressed "warmly" to DHS Secretary Janet Napolitano and kindly recommends his "capable" Deputy Director Mary Ellen Seale to assume the NCSC leadership role.
The management expert questions the dominance that the NSA has over U.S. cybersecurity policy, and recommends strongly that a civilian-run outfit like NCSC retains some level of oversight, if not a lot more.
I have zero knowledge of how the NSA does business. I'd never even begin to criticize its efforts. I know nothing of them. But I do know that we're coming out of an era when there have been a lot of questions about the centralization of power in our government, particularly in some areas of the national intelligence community. I like this idea of diversity. I am a civilian. I value the idea that we have representative influence in this process. Checks and balances.
Believe me, I hope that the NSA is already beating the brains out of the bad guys, but the epidemic nature of cybercrime and some of the reported incidents in the federal sector only reinforce the fact that clearly the nation needs to put a lot more emphasis on its response in general. To think that any element of DHS, especially one this high-profile, is only receiving a month's worth of funding... seems, well, disastrous.
The Obama administration has already made space in the White House for the new Office of Cybersecurity, and named Melissa Hathaway as its lead, which seems to have been positively received by many experienced people familiar with her work in D.C.
Some critics of Beckstrom questioned his ability to fulfill the job leading NCSC from the get go, but, when you look at the position he was thrust into, and its apparent lack of support, it's pretty clear that whoever assumed the job was somewhat destined to fail, or least come up far short of initial expectations.
And really, it would also seem that perhaps only someone from outside the beltway like Beckstrom could best communicate to his former bosses just exactly why the existing organization is broken.
Simply put, in some senses, we're still waiting for the federal government to consider cybersecurity a significant enough operational challenge to dedicate sufficient resources to pursuing it comprehensively. It looks like it's finally being added to the budget.
But that sounds more like a matter of business process management than one of espionage to my ears.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.