NEW YORK—The uncertainty surrounding the change in leadership at the Department of Homeland Security has thrown the search for a permanent director of the National Cyber Security Division into flux, and it now appears likely that the division will continue for the time being under interim Director Andy Purdy.
President Bush this week named former New York Police Department commissioner Bernard Kerik to replace Secretary Tom Ridge, who announced last month that he intends to resign at the end of January. People familiar with the process say that its unlikely now that the DHS will name a permanent NCSD director before Kerik takes over the department in February. Kerik likely will want to make his own appointments for vacant positions, and officials say it would be difficult to find someone willing to take the job now with no guarantee as to the length of employment.
"Its probably going to stay the way it is right now for a while," said one person with direct knowledge of the situation. "Things have been going smoothly so far, and theres no reason to change it right now, with the new secretary coming in."
Another factor in the search effort is the relative lack of authority that the NCSD director position has. There is a lot of support in Washington, including on Capitol Hill, for elevating the directors job to the level of assistant secretary. But there are still some pockets of resistance inside the DHS for such a move, and a last-ditch effort by security industry insiders and legislators failed this week to insert language into the intelligence reform bill that wouldve made the NCSD head an assistant secretary.
But people who work with the DHS say there are still plenty of reasons for optimism about the information security apparatus at the DHS.
"We have made good progress. We got a lot of attention when we introduced the national strategy and right afterward, but thats died down. But a lack of attention shouldnt be confused with a lack of progress," said Howard Schmidt, the former White House cyber-security adviser who is currently working closely with the DHS and the US-CERT to help implement the National Strategy to Secure Cyberspace. "But in some circles, perception is reality. When we were at the White House, the role was policy development. Its gone from cheerleading to operational. But theres not a lot of hoopla around day-to-day operations. "
Schmidt cited as an example of the progress the improved relationship between the private sector and government security officials, who now communicate on a regular basis, not just during major attacks or other crises. However, he said he would like to see some more interest in information security at the highest levels of the Bush administration.
"The more senior the person who talks about it, the more powerful it is," Schmidt said. "Lets get some senior administration people talking about it."
One high-ranking federal security official agreed with Schmidts assessment, and said that despite a raft of serious problems, including identity theft, phishing and worms, the current administration seems content to leave much of the security burden at the feet of the private sector.