First it was the national strategy to secure cyberspace that got subverted by the political process. Now, as threats to the nations public and private networks continue to grow, the federal government continues to stumble in its efforts to name a cyber-security leader at the Department of Homeland Security. With the rapid-fire resignations of Richard Clarke and Howard Schmidt from the Presidents Critical Infrastructure Protection Board this spring, Tom Ridge, secretary of the DHS, received a golden opportunity to fold the cyber-security agency into his own ranks and gather expert input to find a popular candidate to champion the National Strategy.
But just as the development of the National Strategy turned from a collaborative effort to a secretive edict—with only public outcry at the 11th hour forcing an abbreviated feedback period—Ridge and company have taken the hiring process underground. It was never meant to be this way. For any of this to work, the process needs to be open, cooperative and worthy of the trust of all who will facilitate and depend on the system.
Ridge hinted in an interview, earlier this month, that a candidate to head the cyber-security section of the DHS had been chosen, but he declined to elaborate. Most security industry insiders say they are puzzled because obvious top contenders have never been contacted.
“Its been the most closed process Ive ever seen,” Harris Miller, president of the Information Technology Association of America, told eWEEK. “Its not clear how much respect security has in this administration.”
This hardly bodes well for the genesis of a system that participants will count on for open discussion and disclosure of serious threats. The DHS needs to conduct this business in the light of day if it ever hopes to win over an already skittish, suspicious security community.
Indeed, many security insiders said they had been asked to supply names to the DHS for consideration. But a polling of some top contenders reveals most were never contacted by the DHS. For an agency that will depend on private-sector cooperation for its survival, the dismissal of such industry input is a harbinger of doom. Cooperation wont just work when the government needs details of the latest vulnerability; it needs to begin now with the creation of these important mechanisms. “The IT industry has made it pretty clear to us that the administration sent several bad signals,” said Roger Cressey, former chief of staff for the Presidents Critical Infrastructure Protection Board.
We agree. DHS cyber-security needs to operate in an environment of trust. Without it, vulnerabilities will go unreported, attacks will go unshared and protection strategies will go undiscussed. The federal government can still win support by opening the process by which it will choose a cyber-security leader.
Send your responses to [email protected].