Former Congressman Tom Davis (R-Va.), who emerged as a leading voice on federal cybersecurity over his seven terms in the House, said yesterday he has no interest in returning to public service to serve as President Obama’s cybersecurity coordinator, a new position for which he has been rumored as a top candidate.
“If I wanted to stay in government, I would have stayed in Congress,” Davis said during a panel discussion at the National Press Club. “I was lucky enough to leave Congress undefeated and unindicted,” he quipped, adding that he was happy in his current role as a consultant with Deloitte.
However, he was quick to hedge his bets with a favorite refrain of individuals rumored for government jobs that they might not want, but also don’t want to rule out.
“You never say never,” Davis said, declining to say whether he had been interviewed for the position.
Obama’s announcement that he would create a new position in the White House to coordinate federal cybersecurity activities accompanied the release of a sweeping review of the government’s policies and programs in place to protect the nation’s digital infrastructure.
The security community greeted Obama’s commissioning of that review in February with great fanfare, as critics had long warned that strong federal leadership was missing from cybersecurity policy. The accolades continued following Obama’s announcement last month, though some have expressed disappointment that the new position is too low in the federal hierarchy.
Obama pledged that the new cybersecurity coordinator would have his full support and regular access to the Oval Office, but in practice, the position would report to the national security adviser and the head of the National Economic Council.
“On a day-to-day basis, it doesn’t seem like the person’s going to have very much power,” said James Bamford, a journalist and author who’s made a career out of covering the National Security Agency. “I just think, at least in the circles I hang around, there was a bit of a disappointment after the [announcement] that the position didn’t have the stature that it might have had.”
Bamford praised Obama for elevating cybersecurity as a priority, but said the relatively low rank of the position (many had expected it to be a Cabinet-level job) could make it tough to attract a leading figure from industry or government.
“I don’t know a real powerful person that would take a job that would actually be so far down in the bureaucracy,” he said. “If you’re powerful, you’re not going to take a kind of junior staffer level [position].”
Aside from Davis, other candidates who have been rumored for the position include Microsoft security chief Scott Charney and Paul Kurtz, a former security official in the Clinton and second Bush administrations who headed cybersecurity for Obama’s transition team. Other names being bandied about include Susan Landau, a distinguished engineer at Sun Microsystems, and government security veterans Maureen Baginski and Frank Kramer, according to a Reuters report.
The panelists at yesterday’s event emphasized the enormity of the task ahead for the cybersecurity coordinator, who appears to be charged with bringing together the disparate operations of the executive agencies, while also serving as a liaison to Congress and private industry.
Obama may imagine those jobs falling under one office, but navigating the thicket of bureaucracy that currently pervades federal cybersecurity is going to take a joint effort.
[cob:Special_Report]”The correct question is how you build the right team, not how you pick the right individual,” said retired Maj. Gen. Dale Meyerrose, who currently serves as vice president for cyberspace with Harris Corp.
Critics often point out that the federal cybersecurity apparatus has been hobbled by interagency turf wars of the sort that might prevent the Department of Homeland Security from sharing information with the National Security Agency, for instance.
Breaking down those barriers is one aspect of the job. But Davis, one of the architects of the Federal Information Security Management Act that set up a scorecard to evaluate agencies’ cybersecurity operations, said that any significant reform will have to go through Congress. With cybersecurity spanning the jurisdictions of a host of committees, from the judiciary to commerce, intelligence to homeland security, Capitol Hill has its own set turf wars.
“If you think it’s difficult getting it done through bureaucracy, wait till you get to Congress,” he said. “Every committee claims some semblance of jurisdiction on this.”