Immediately following the announcement in May, there was tremendous optimism in the security industry and in Washington about what a strong, experienced coordinator with the full backing of the president could accomplish. Security professionals in the private sector had high hopes for renewed interactions with federal agencies on vulnerability and attack data, coordinating responses and trying to repair the damage done to those relationships over the last few years.
Even inside Washington, where cynicism is a religion and hopes for change are crushed daily on the altar of compromise and politcal expediancy, there was cautious optimism. Former cybersecurity officials said they liked Obama’s initiative and the fact that he was moving the responsbility for information security from the Department of Homeland Security back to the White House, where it belonged all along. Having one office with ultimate responsibility for security would help eliminate a lot of the inter-agency squabbles and lack of accountability that has plagued the government’s recent efforts.
And when a couple of months passed without Obama naming someone to the coordinator post, a lot of people gave him the benefit of the doubt, saying he was being deliberate and cautious in his choice. No need to rush in, they said, the problems will still be there. Then came the cries for action, the questions about what was going on, whether security was still a top priority, as Obama had said in May.
But now, with five months gone since Obama’s announcement, all of that has been replaced by a lot of shrugging. People have moved on. They’ve stopped wondering what’s going to happen in Washington (if they ever really cared) and are busy going about their own business. One former government official told me recently that there’s very little talk at all about the cybersecurity coordinator position in Washington. It just doesn’t register.
And that’s the real problem. Hearing Obama talk about security gave it a bit of cachet that it hasn’t had in quite a while. (Obama said botnet! The president knows what malware is!) But that glow dimmed quickly and what we’ve been left with is not much of anything, unless you count the video from Obama promoting National Cybersecurity Awareness Month.
The good news is that all it takes to change this is one move. Bring in a strong leader who’s ready to work and much of this will be forgotten. No one will remember the months of indecision and inaction. But until then, it’s business as usual.