As Richard Clarke prepares to step down as chairman of the Presidents Critical Infrastructure Protection Board and adjust to life in the private sector, questions remain about the boards place and utility in the new Department of Homeland Security.
Clarke plans to resign within the next few weeks after 30 years of government work. For the past 18 months Clarke has been consumed with putting together the National Strategy to Secure Cyberspace. The final draft of the document is due for release soon, likely by the end of February.
He spent months traveling around the country rallying support for the plan and seeking comments and suggestions from security experts and private citizens. But, with the strategy finished—and recently signed by President Bush—Clarke decided to leave.
Howard Schmidt, the vice chairman of the PCIPB, has taken over Clarkes duties. Schmidt was the former chief security officer at Microsoft Corp., and has a deep background in both government and law enforcement.
The board is set to become part of the massive Department of Homeland Security later this year, and it is unclear how it will fit in with the numerous operational information security organizations being brought under the departments control. The job of overseeing the departments Information Analysis and Infrastructure Protection division remains unfilled.
The reason, industry insiders say, is that there is no obvious choice for the job.
“Theres really no go-to guy out there for this job. No one jumps out at you,” said Mark Rasch, senior vice president and chief security counsel at security vendor Solutionary, Inc., based in Lincoln, Neb. “Who they pick will really dictate the outlook and structure of the division.”
One name that has come up in discussions about the job is that of John Tritak, the former director of the Critical Infrastructure Assurance Office. Tritak, a lawyer and State Department veteran, recently left the CIAO. People close to the situation said he had become frustrated by the inefficiencies of the numerous overlapping organizations within the federal government that were responsible for information security.