Tomorrow’s shaping up to be a big day for the cybersecurity community.
Around lunchtime Friday, the White House is scheduled to release the results of a sweeping cybersecurity review President Obama commissioned earlier this year, an event which will likely also include the long-awaited appointment of a national cyber advisor to coordinate government efforts to protect the nation’s digital infrastructure.
And yet, half a day away from the big event, so many questions remain.
“They’ve held their cards close,” said TechGuard Security CEO Suzanne Magee, one of the many executives consulted in the government’s review.
“We think it will be probably at a Cabinet-level position,” Magee told InternetNews.com as she was making her through the airport to catch a plane for Washington for tomorrow’s event.
Creating a cyber advisor would fulfill one of Obama’s campaign promises, but the role begs the same questions about focus, structure and authority that surrounded the creation of a federal CTO.
And to some, simply installing a high-profile position in the White House doesn’t get at the core issues that undermine the security of government systems.
“A lot of the talk that’s been proposed so far has been at a very high-level,” Gartner analyst John Pescatore told InternetNews.com. “I think that’s actually the wrong focus for trying to increase the cybersecurity of U.S. Internet-connected systems.”
Pescatore would rather see a more operational role, what he describes as a chief information security office, rather than the “bully pulpit” position he fears a cyber czar would become.
Rather than charge a very senior official with commissioning and promulgating more reports about the vulnerability of the nation’s defenses, he suggests a heftier cyber-focused infrastructure organized in the Office of Management and Budget. That office would focus on more nuts-and-bolts type issues such as establishing baseline procurement requirements for agencies shopping for software packages.
But to Magee, whose security firm focus on protecting critical infrastructure and has contracted with the Defense Department and agencies in the intelligence community, the cyber czar should be able to do both.
She envisions the role as having the twin functions of promoting cybersecurity awareness and education to the general public, while at the same time coordinating among the various agencies to shore up their systems and policies.
Another wild card ahead of tomorrow’s announcement is how much of a shakeup the administration could roll out concerning the existing government cybersecurity apparatus.
[cob:Special_Report]How much of the responsibility that currently resides at the Department of Homeland Security or the National Security Agency, for instance, would be given over to the office of the new cyber advisor?
And how much will the stance of the government shift from a reactive to a proactive role? Critics often charge that the government — particularly the NSA — is too focused on detecting and blocking security breaches after the fact, rather than improving the baseline security of its systems to prevent the breach in the first place.
So how much of a change can we expect? For now, the White House isn’t saying. But they wouldn’t want to spoil the surprise ahead of tomorrow’s big event now, would they?