Apathy Creeps In as Cybersecurity Czar Search Drags On

It’s been five months since President Obama announced his plan to appoint a cybersecurity coordinator, and his failure to fill the position has created something worse than anger: apathy.

It’s been five months since President Obama announced his plan to appoint a cybersecurity coordinator, and his failure to fill the position has created something worse than anger: apathy.

Immediately following the announcement in May, there was tremendous optimism in the security industry and in Washington about what a strong, experienced coordinator with the full backing of the president could accomplish. Security professionals in the private sector had high hopes for renewed interactions with federal agencies on vulnerability and attack data, coordinating responses and trying to repair the damage done to those relationships over the last few years.

Even inside Washington, where cynicism is a religion and hopes for change are crushed daily on the altar of compromise and politcal expediancy, there was cautious optimism. Former cybersecurity officials said they liked Obama’s initiative and the fact that he was moving the responsbility for information security from the Department of Homeland Security back to the White House, where it belonged all along. Having one office with ultimate responsibility for security would help eliminate a lot of the inter-agency squabbles and lack of accountability that has plagued the government’s recent efforts.

And when a couple of months passed without Obama naming someone to the coordinator post, a lot of people gave him the benefit of the doubt, saying he was being deliberate and cautious in his choice. No need to rush in, they said, the problems will still be there. Then came the cries for action, the questions about what was going on, whether security was still a top priority, as Obama had said in May.

But now, with five months gone since Obama’s announcement, all of that has been replaced by a lot of shrugging. People have moved on. They’ve stopped wondering what’s going to happen in Washington (if they ever really cared) and are busy going about their own business. One former government official told me recently that there’s very little talk at all about the cybersecurity coordinator position in Washington. It just doesn’t register.

And that’s the real problem. Hearing Obama talk about security gave it a bit of cachet that it hasn’t had in quite a while. (Obama said botnet! The president knows what malware is!) But that glow dimmed quickly and what we’ve been left with is not much of anything, unless you count the video from Obama promoting National Cybersecurity Awareness Month.

The good news is that all it takes to change this is one move. Bring in a strong leader who’s ready to work and much of this will be forgotten. No one will remember the months of indecision and inaction. But until then, it’s business as usual.

Suggested articles

White House Releases VEP Disclosure Rules

The White House released a charter document on Wednesday outlining how the U.S. government will disclose cyber security flaws and when it will keep them secret.

Discussion

  • Larry Seltzer on

    Actually, it's a lot more than 5 months since he announced it. He announced it over a year ago during the campaign. Back then he said that the advisor would report directly to him. Like a lot of his campaign promises, this turned out not to be such a great idea so he just decided to change his mind.

    There's more to the solution than just bringing in a bold leader. They've announced that the advisor will report to two different White House officials with different agendas. This formula for failure is probably why nobody has been willing to take the job.

  • Dennis Fisher on

    I realize he announced it last year. I was talking about the May press conference.

    The problem of reporting to two bosses is definitely an issue, but it's probably not even the biggest issue. It's more a question of defining the role, which he hasn't done, and setting goals that are achievable and have some merit. That's not being done.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.