After far too long, President Obama finally appointed a “cyberczar” on Tuesday. Howard Schmidt has the credentials to coordinate the government’s defense against digital sabotage. Will he also have the authority?
Appropriately, his experience is as deep as the cyberthreat is wide. Mr. Schmidt has been involved with cybersecurity in government (the George W. Bush administration), in the private sector (at eBay and Microsoft), in law enforcement (at the FBI), and internationally (heading up a nonprofit dedicated to this problem). He has both technical and policy know-how.
He also served in the military, which this month confirmed that Iraqi insurgents learned to intercept video feeds from unmanned drones. (The signals have since been secured.)
Schmidt’s job is immense – to orchestrate the military and civilian branches of the federal government as they try to ward off cyberattacks from hackers, terrorists, governments, criminals, and others. That translates, for instance, into preventing the disabling of electric, transportation, financial, and other critical networks.
Cyberattacks on public and private digital systems in the US are increasing. In 2006, the Pentagon counted 6 million attempted intrusions on its computers; last year, it was 360 million. US businesses have also lost billions of dollars in intellectual property to hackers.
In November, the Government Accountability Office found a 200 percent increase in reports of cybersecurity “incidents” at federal agencies between 2006 and 2008. The GAO warned of “significant weaknesses” and “pervasive vulnerabilities” at the agencies.
While Americans may picture Afghanistan when they think of war, cyberattacks on the US occur daily. On Tuesday, the Wall Street Journal reported that the FBI is investigating a hacking into Citigroup Inc. that resulted in the theft of tens of millions of dollars – supposedly by Russian criminals. (Citigroup disputed the story, and said no one had lost any money.) Earlier this year the media reported foreign infiltration of the electric grid, penetration of Air Force air-traffic control, and the theft of top-secret information on a fighter jet.
Back in May, when President Obama announced he would create an office of cybersecurity in the White House and appoint a cyberczar, he promised to make protecting digital networks a “national security priority.” But he has had a hard time filling this czar job. Reportedly dozens of candidates were approached, but many bowed out because of concern of too much responsibility without real authority.
Schmidt enters his job as key agencies move forward with big plans to improve cybersecurity.
The Pentagon’s has a new Cyber Command meant to manage its offensive capabilities (disruption of enemy systems) and defensive ones. The State Department, in a reversal from the previous administration, is talking with Russia and the United Nations about “cyber arms control” and international strengthening of Internet security. The US Department of Homeland Security has just opened a cyberwatch-and-warning center for the nation’s technology infrastructure. Meanwhile, more than a dozen bills related to cybersecurity have been introduced in Congress.
Schmidt will have to make sure these various efforts work together – and work, period. But as if that weren’t enough, he’ll need to put his imprint on a new national strategy for cybersecurity.
As this challenge balloons, the government may have to take a more hands-on approach – for instance, setting cyber- safety standards for the technology sector just as it eventually did for the auto industry.
All of this is a tall order, not doable unless the new cyberchief is perceived as acting on behalf of the commander in chief. The White House insists that Schmidt will have regular and direct access to the president from his office at the National Security Council. Mr. Obama will have to show that this is true, or else his cyberczar will be a czar in name only.