Howard Schmidt, the top White House information security adviser, is retiring after more than two years on the job and several decades in security both in government and private industry. Schmidt is in his second stint as the White House security chief and he’s leaving at a time when cybersecurity has moved into the top tier of military and economic concerns for the country.
The departure is a blow to the Obama administration’s efforts on cybersecurity and comes at a time when the White House is wrangling with Congress on legislation designed to address various information security problems and weaknesses. There are competing proposals in Congress right now and one of the major sticking points has been what kind of information companies will be allowed to share with government agencies regarding attacks and vulnerabilities.
Schmidt, who will leave at the end of the month, took on the role of White House cybersecurity coordinator in early 2010 after a varied and long career in security and law enforcement. He was the CISO of Microsoft, and Air Force officer and had earlier served as the top cybersecurity officer in the George W. Bush administration. After Obama took office, the top information security job was vacant for quite a while and word at the time was that the job had been offered to a variety of top executives in the security industry, but no one had been interested.
The position was seen as having a lot of prestige, but not much in the way of power because the responsibility for information security inside the federal government is so splintered. The Department of Homeland Security, U.S. Cyber Command, National Security Agency and other groups all have some sort of responsibility for security. There were not many takers for the job of throwing a rope around all of that mess and trying to work with the private sector and other governments to fight cybercrime.
“The private sector in the prevention of crime is very key, and, once again, look at a continuum. The products that are created, whether it’s software or hardware, become more resistant to some of the things that we see out there, whether it’s phishing/spearphishing, whether it’s vulnerabilities in software and hardware where private sector has a lead role in being able to reduce that from taking place,” Schmidt said in an interview last year.
“The other piece, as when we look at some of the things like the National Cyber Security Alliance here in the U.S., we look at some of the other partnerships that take place in Australia, Canada, U.K. and how they work with the private sector, just even some of the messaging thing about how to protect your identity online. ENISA, the European Network Information Security Agency has done a lot of really good work in what they call the AR Group, the Awareness Raising Group that puts together some best practices for consumers and businesses and everything. So, working with the private sector is really key, because they can not only help build the technology that reduces the likelihood of becoming a victim, but they can also help spread the message with their customers.”
Schmidt will be replaced in the White House by Michael Daniel, who works in the budget office, according to a report in the Washington Post. Daniel has worked on intelligence and security issues for several years.
One of the major initiatives undertaken by the White House during Schmidt’s tenure was the development of the National Strategy for Trusted Identities in Cyberspace, a blueprint for the adoption of non-password based online identities. Schmidt said he saw the development of alternative authentication methods as a key for improving security.
“We’re starting to see a lot of these companies working with other companies to make sure we’re looking at the full breadth of things, not only the one-time password that may be on your mobile device, but also what can we do to make sure that somebody doesn’t wind up hijacking that through some other sort of mechanism? So, overall, I think there’s a full recognition of the challenges we have moving forward. The people that I’ve talked to in the national program office I’ve talked with recognize that the status quo doesn’t apply here, that we can take a lot from the experiences we’ve had in the past and the next generation of trusted identities or strong authentication or in-person proofing, we can much improve over where we’ve been to date, so very, very positive,” he said in the 2011 interview with Threatpost.