There’s an old saying that all things end badly or else they wouldn’t end. It sounds nice, but it’s not necessarily true. Plenty of things simply end. The useful career of the Police, Man Vs. Food and highway A1A all ended without any catastrophic effects or gnashing of teeth. Now, with the end of Howard Schmidt’s career as White House cybersecurity coordinator nearing its end, much will be made of what he did or didn’t accomplish in his time in government service. That’s a fun parlor game to play, but the most important aspect of Schmidt’s time in Washington is the simple fact that he answered the bell when no one else would.
It may be difficult to remember now–or simply more convenient to forget–but when Schmidt took the job as President Obama’s cybersecurity coordinator in late 2009, the job had been vacant for a long time and it was not drawing much interest from potential candidates in government or private industry. The position was seen widely as a high-profile job that came with plenty of outward shine and prestige but little in the way of actual authority or power to effect change. Several well-known executives in the security industry had been approached about the job in the first few months of the Obama administration, but, despite some near misses, none was willing to get in the batter’s box and take a swing.
There had been speculation from the start that Schmidt was on the short list of candidates for the White House job, and he never really dismissed that talk. Schmidt had been in the job before, having served in a similar role in the George W. Bush administration, and he had a good idea what the gig entailed and what kind of challenges he’d face. He knew that responsibility for information security was splintered across the federal government, that federal agencies such the Department of Defense, Homeland Security and various intelligence outfits did their own thing and saw no reason for the White House to have any say in that. And he knew that several men had tried and failed to consolidate that information security power in the White House and had ended up bailing on the job, citing a lack of authority or the ability to get things done.
So it was both surprising and completely predictable that Schmidt ended up taking the job. He knew what he was getting into, knew the landscape in Washington and knew the players in the private sector who mattered, so the job was familiar ground for Schmidt. But he also knew the history of failure of his predecessors and the slim chances that he’d get credit for anything he accomplished, should he happen to succeed.
But he stepped up when everyone else had stepped back, because that’s what was asked of him.
And once he took the job and dug in, Schmidt did not waste his time trying to correct the mistakes of previous security advisers. Instead of spending precious months trying to bigfoot everyone and win a bunch of power struggles over authority and responsibility, Schmidt, understanding that he had the backing of Obama and his cabinet, set about trying to develop strong policies around online security, ecommerce and how the U.S. would handle conflicts in the electronic world. The International Strategy for Cyberspace, unveiled last year, was a landmark document in many ways, most notably in its assertion that the U.S. would not look kindly on attacks on its networks.
“The United States will continue to strengthen our network defenses and our ability to withstand and recover from disruptions and other attacks. For those more sophisticated attacks that do create damage, we will act on well-developed response plans to isolate and mitigate disruption to our machines, limiting effects on our networks, and potential cascade effects beyond them,” the strategy says.
The acknowledgement that the U.S. not only had detailed offensive plans but was perfectly willing to put them into action was a milestone. Security experts had said for years that this was the case, but it had never been discussed publicly before in any specific terms. Bringing that conversation out into the open was an important step, as was the fact that Obama often discussed information security threats and Internet privacy issues in his speeches. Security became a consistent part of the discussion in Washington in the last couple of years, and that’s no small thing.
It’s too early at this point to say whether Schmidt’s legacy as White House cybersecurity coordinator will be written in red or black ink, but whenever it’s set down, it should be noted prominently that Schmidt was willing to take two shots at a difficult, often thankless job when many others couldn’t be bothered to consider it. Federal government jobs–even those in the White House–don’t pay as well as running security at Oracle or Microsoft or Bank of America, whatever success you have will be credited to your bosses and every failure is yours and yours alone.
But the job needs to be done and that’s what Schmidt did.