June 12, 2009

Who’s On The Shortlist For Cyberczar?

Scott Charney, head of Microsoft's cybersecurity division, and a former member of President Bush's and President Clinton's national security teams are on the shortlist to be the nation's new cybersecurity czar, according to a Reuters report.

President Barack Obama announced the creation of the new post last month, saying that he would personally decide who would lead the nation's defense and response against major cyber attacks.

Although Charney has said he won't take the job, he could change his mind if pressed, Reuters said, citing a source with direct knowledge of the matter.

Charney also led the Justice Department's computer crime section as well as PricewaterhouseCoopers' cybercrime unit.

His top competitor for the post is likely Paul Kurtz, who led Obama's cybersecurity transition team and was a member of the National Security Council under both Clinton and Bush, Reuters said.

Others in the running include former Rep. Tom Davis (R-VA), Sun Microsystems executive Susan Landau, Maureen Baginski, formerly with the National Security Agency and the Federal Bureau of Investigation, and Frank Kramer, former assistant defense secretary under President Clinton, Reuters said.

Less likely candidates include Melissa Hathaway, who conducted Obama's cybersecurity review, and James Lewis of the think tank Center for Strategic and International Studies (CSIS).

Symantec Corp. board chairman John Thompson had been a candidate, but declined consideration, Reuters said.

Although specific details of the responsibilities of the new post have not yet been defined,  the position described in Hathaway's review involves a coordinator who reports to both the National Security Council and the National Economic Council.

Shortcomings in U.S. cybersecurity defenses have resulted in major incidents of thefts of money, identity, intellectual property and corporate secrets.   In one instance, a financial institution lost $10 million in cash in one day.  Sensitive military information has also been stolen, and the U.S. electrical grid has been penetrated.

Landau, a Sun Microsystems engineer who has worked on digital rights, privacy and export control, said she would advise Obama to make the new post a top-level position.

"The job is very important," Landau told Reuters.

"We have all sorts of different kinds of threats. ... What you want is ubiquitous security."

Lewis, who declined to confirm whether he was under consideration for the new job, said Obama must emphasize national security expertise in selecting the cybersecurity czar.

"Some guy from industry is going to write a national security strategy? No, they aren't. You don't just pick this up," he told Reuters.

"You need somebody who knows the national security game, who knows government and who knows about the technology," he added.

Before becoming a national security and technology senior fellow at CSIS, Lewis was foreign service officer with a variety of assignments including encryption, global arms sales and high-tech trade with China.

Congress appears to share Lewis' and Landau's views, said Reuters, quoting a senate staffer familiar with the matter.

"The president's vision is a heavyweight," the staffer said.

"I'm concerned that he or she will get sort of tied up, like Gulliver, tied down by a million different reporting requirements."