Security is lacking at all levels -- local, state and federal -- and it makes sense for the federal government to focus on the federal level. But infrastructure is infrastructure. Anything the government does in terms of technological improvements to the federal infrastructure can be replicated at the state and local level.
Do you think a key job responsibility for Obama's yet-to-be-named national chief technology officer (CTO) should be to improve IT security? If so, how would you advise that person to be most effective and efficient, given the country's bleak budget picture?
Get more budget. Security isn't free: not for corporations and not for the government. If the nation's CTO is going to try to do security on the cheap, then we're going to get cheap security. But given that Obama seems to realize that restricting budgets in our current fiscal situation is stupid, this shouldn't be a problem.
What's an under-the-radar security threat in government that people aren't paying enough attention to?
The threats have been the same for a while now: crime and privacy. One problem is that decisions we make now about data storage and use will be around for decades, so it's important to get it right.
In your book, you often mention security "theater" -- security measures that provide the feeling of effectiveness but don't really do anything. What's the most egregious instance of that going on right now, excluding security checkpoints at airports?
Security theater is everywhere in society. Photo ID checks in buildings are an excellent example. What exactly is the point of verifying that people have a valid photo ID?