On the Subject of the Cybersecurity Czar

By Taher Elgamal
Chief Security Officer
Axway

There’s no common thread that says, “All of you are really important to the cybersecurity of this country, and we need to collaborate to actually improve it.”

There’s no common thread that says, “All of you are really important to the cybersecurity of this country, and we need to collaborate to actually improve it.”

The role of cybersecurity czar will surely be a challenging one for the Obama administration to fill.

But truly, before the choice of the actual person is made, a number of tasks need to be decided on. A single cybersecurity czar doesn’t have to solve all the issues at hand. If somebody stays in the role for a year or two and just sets certain things in motion and actually starts to improve the situation—rather than talk about improving the situation—then somebody else can pick that up and continue the implementation. A succession plan can be designed to improve the entire situation.

What we need to see from the next cybersecurity czar are programs that will incentivize organizations to implement the correct things. I’m not talking about bailout money; I’m talking about actual, measurable tasks. If you’re a bank or another important company, the cybersecurity of your particular part of the network is really just as important to the country as any other part of the network because everything’s connected together. And with government networks, putting together programs and improving the situation, rather than talking about what it is that needs to be done, is the way to go. People already know what needs to be done!

There are hundreds of CIOs in the federal government, and everybody has their own budgets and desires and priorities and so on. There’s no common thread that says, “All of you are really important to the cybersecurity of this country, and we need to collaborate to actually improve it.” We need to be more quantitative with our incentives—if this or that happens, your budget gets improved, or you get to hire more people. Something.

I’m not a fan of somebody sitting at the White House writing policy about cybersecurity. It was already written during the Clinton administration and it looks fine. It still applies. Why are we second-guessing it? Any baby steps we take to improve the situation will probably lead to the right place. The trick is finding a czar who is going to take those baby steps and adjusting certain policies as we go on.

President Obama talked about change during the campaign, but hiring someone to write policy is not change. It is completely status quo. Change is about putting things in motion. Is protecting the cybersecurity of the country just as important as protecting the financial system or the auto industry? History will have to judge that, ultimately, but in the short-term, the answer is yes: protecting our nation’s cybersecurity has to be a priority. It can’t be relegated to being a mere political gesture. It must be replete with the spirit of change.

(Photo by declanjewell: http://www.flickr.com/photos/declanjewell/ / CC BY 2.0)

Leave a comment

No comments yet.

Comments RSS TrackBack Identifier URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s