The government is looking for one good person: someone with years of operational security experience with a solid track record of leading a talented group of people performing vital, sensitive tasks for a public-sector salary in complete anonymity.
The candidate must be willing to work long hours, be comfortable with getting no credit for his or her successes and take a public thrashing for the smallest failures. And do it all on a limited budget while trying to get personnel from a half-dozen agencies to work together and cooperate.
Interested parties should contact the Department of Homeland Securitys Information Analysis and Infrastructure Protection directorate. Immediately.
Nearly six months after the DHS formally began operations, officials are still searching for someone to head the departments cyber-security operations. A nationwide search has turned up few real candidates, and the prospects for the process coming to an end any time soon are slim. The National Cyber Security Division is barely a month old, but if a strong leader doesnt sign on soon, it runs the risk of becoming an orphan within the massive DHS.
NCSD is designed to handle the governments incident response and early-warning duties and includes personnel from a variety of agencies, including the FBI, Federal Computer Incident Response Center, Critical Infrastructure Assurance Office and National Communications System. As those factions begin to work together, theyre naturally somewhat hampered by the lack of a permanent department head giving them a clear sense of purpose and direction.
“The search is still ongoing for someone. These things take time,” said Bill Murray, a DHS spokesman, in Washington. “Were not rushing to fill the position. Were looking for the right person.”
Murray said hes not sure whether the department has narrowed its list of candidates or is still casting a wide net.
Either way, the problem isnt a lack of qualified candidates—quite the opposite, in fact. There are any number of people, in the government and the private sector, who have all the requisite credentials and skills to handle the job. However, none of them seems to be interested.
When Richard Clarke, the former chairman of the Presidents Critical Infrastructure Protection Board, decided to leave the government after 30 years, he said it was something he had planned to do for years. However, Clarke was known to be frustrated with the way the DHS was being organized, particularly the fact that the cyber-security division would be taking over the functions that the PCIPB handled. He left for the lucrative speaking circuit rather than take a diminished role inside DHS.
Clarkes right-hand man and successor, Howard Schmidt, was seen as a natural for the DHS job. With a background in law enforcement and information security, including a stint as the chief security officer at Microsoft Corp., Schmidt knows his way around Washington as well as Silicon Valley. Schmidt is considered one of the most respected and level-headed security experts in the country, and his unique experience would have been invaluable.
But, Schmidt quickly grew unhappy with the way DHS officials were dragging their feet in setting up the NCSD. He left the government in April for a job as chief security officer at eBay Inc.
A big part of the problem in finding someone to run the NCSD is that the position is not a very senior one and is several layers down in the departments hierarchy. The NCSDs head will report to Robert Liscouski, the assistant secretary for infrastructure protection, who, in turn, reports to Frank Libutti, the under secretary for information analysis and infrastructure protection. That gives the NCSD chief no meaningful access to the top decision makers in the White House or other parts of the national security apparatus.
“Would I be interested? I havent been asked. But I wouldnt take a job without the authority,” Mary Ann Davidson, chief security officer at Oracle Corp., in Redwood City, Calif., said of the NCSD position. “Who you report to is important, especially in Washington.”