President Obama on Tuesday named Howard Schmidt, a security veteran with high-level government and industry experience on his resume, as the White House cybersecurity coordinator.
If you're looking to bury news, make your announcement the week of Christmas. Not that I'm suggesting that's necessarily the case here, but I'm sure the administration doesn't mind that fewer voters will be reading about how the appointment comes seven months after Obama declared cybersecurity a major priority. If it was such a priority, why did it take more than half a year to fill the newly created position?
To be fair, the administration had reached out to more than a few prospective "cyberczars," including Tom Davis, the former Republican congressman from Virginia; Microsoft security executive Scott Charney; and John Thompson, chairman and former CEO of Symantec. Apparently, none of them were thrilled about the job.
Why? There are questions about the cyber chief actually having enough power to accomplish what will undoubtedly be a tough job. In May, when Obama announced the new role, Purdue University professor Eugene Spafford told PC World that "the position is certainly a lot more lower-level than what many of us working in security had hoped."
"Howard will have regular access to the president and serve as a key member of his national security staff," said John Brennan, national security adviser to the president for homeland security and counterterrorism, in an e-mail posted on the White House Web site. "He will also work closely with his economic team to ensure that our cybersecurity efforts keep the nation secure and prosperous."
Schmidt will be asked to coordinate cybersecurity policy across the federal government, but he will report to both Brennan and senior national economic adviser Lawrence Summers, who reportedly insisted that the position fall under his purview. In July, cybersecurity expert Jim Lewis described the role as "bag-holder in chief" in an interview with the Washington Post. "If something bad happens, you're responsible for cybersecurity, even if you don't have the authority to pull it off."
After word leaked out Monday that Schmidt would be getting the job, one of his colleagues told the Washington Post that Schmidt "has many of the qualities and connections that one would think would be good for the position." But, the source added, "I don't have high expectations for that position as it is currently defined, so he's very possibly overqualified for it."
Schmidt, who analysts had long viewed as a candidate for the job, does has impressive credentials. He was a senior cybersecurity adviser in the George W. Bush White House. His private-sector experience includes stints as Microsoft's chief security officer and eBay's chief security strategist, and he's currently the president and CEO of the non-profit Information Security Forum. He's also served in information security roles in the Air Force and Army.
Industry observers may not think much of the cybersecurity coordinator position, but most hold Schmidt in high regard. "Howard is going to surprise a lot of people in Washington," Alan Paller, director of research at the SANS Institute, told GovInfoSecurity. "He had extraordinary successes as CISO at Microsoft -- at a time when security wasn't very high on most of the Microsoft officers' priority lists. He has demonstrated that he can forge sufficient support to overcome resistance and get things done."Those are skills he's going to need in his new role.