Departures Cast Doubt on IT Security at DHS

The Bush administration's loss of two top cyber-security experts in as many months has left a leadership gap that industry experts say relegates the safety of the nation's IT networks to second tier.

Howard Schmidt
The Bush administrations loss of two top cyber-security experts in as many months has left a leadership gap that industry experts say relegates the safety of the nations IT networks to second tier.

Presidential adviser Howard Schmidt (pictured) resigned suddenly last week, following cyber-security czar Richard Clarkes resignation in March. Responsibility for cyber-security now resides primarily with the Department of Homeland Security, but experts say theres no one in the executive branch working exclusively to secure IT networks.

"Currently, no ones in charge," said Harris Miller, president of the Information Technology Association of America, in Washington. "You have no effective advocate whose only job is to focus on cyber-security."

One who is being looked to is Robert Liscouski, previously director of information assurance at Coca-Cola Co., who is in charge of overall infrastructure protection at the DHS. In addition to cyber-security, the departments Information Analysis and Infrastructure Protection division is responsible for analyzing and disseminating intelligence, overseeing the security of physical infrastructure, and coordinating a national communications system.

"Hes got a million things on his desk. Hes in charge of information protection generally," Miller said about Liscouski. "Its a question of how much can they have on their plate and get it all done."

This year, the IAIP division is funded for 500 full-time employees, and in fiscal year 2004, its work force will rise to 735, not including contractors and government employees detailed from the intelligence community and other agencies, said DHS spokesman David Wray. Although a number of positions in the division remain vacant, they have been filled temporarily by Secret Service agents, Wray said.

"Weve heard the message of Dick Clarke and Howard Schmidt that cyber-security is important, and we believe it," Wray said. "Liscouski comes to the table with significant cyber-security credentials. In his view, cyber cannot be divorced from physical infrastructure—it is woven throughout."

Speaking about Schmidts resignation last week, Liscouski thanked Schmidt for "providing the groundwork" for a cyber-security strategy. Schmidts leadership contributed to increased awareness of IT threats and vulnerabilities, he told a group of CEOs of critical infrastructure companies during a meeting of the National Infrastructure Advisory Council here.

Attempting to assure prominent industry leaders that cyber-security will not be buried under other priorities, Liscouski said that the IAIP division will provide a single point of contact for industry partners and local governments.

The IT industry had urged Congress to create an assistant secretary for cyber-security, but the administration opposed the position. As a fallback, the industry hoped there would be a permanent special adviser to the president, but that role appears tenuous following Schmidts departure.

The ITAA will ask the administration to appoint a special adviser to Homeland Security Secretary Tom Ridge, said Miller, who plans to meet with top DHS officials this week. "Weve had physical security for thousands of years. Physical security is something people are comfortable with," Miller said. "Cyber-security is still new."