For the first-ever White House cyber-security coordinator, President Barack Obama appointed a man who has played on both the public- and private-sector sides of the security fence.
In the George W. Bush administration, Howard Schmidt was the vice chairman of the president's Critical Infrastructure Protection Board and a special adviser for cyberspace security. He also served as a security executive at eBay and Microsoft.
In his new role as the nation's cyber-security chief, Schmidt will have "regular access to the president and serve as a key member of his National Security Staff," John Brennan, assistant to the president for homeland security and counter terrorism, said in the statement. Other duties include strengthening computer security for various agencies, developing new technology and conducting national campaigns for cyber-security awareness.
"The enormous challenge our nation faces requires a comprehensive, coordinated response directed by one of the most experienced leaders our nation has to offer," said Gen. Harry Raduege, chairman of the Deloitte Center for Cyber Innovation and the former director of the Defense Information Systems Agency and manager of the National Communications System. "With 40 years of experience in government, industry, law enforcement and international involvement, Howard brings the right credentials, background and enthusiasm to the White House."
Since the beginning of the year, the Obama administration has made cyber-security one of its priorities. After the May release of the 60-day Cyber-Security Review, Obama promised "a new comprehensive approach to securing America's digital infrastructure."
According to industry leaders and state officials, the selection of Schmidt represents a step in that direction. State chief information security officers (CISOs) say Schmidt's experience and understanding of government processes will help influence and bolster enterprise security programs on the state level.
"This is a guy who's made some personal initiative, without compensation, to help a state that's trying to get its enterprise security program up and running," said Christopher Buse, Minnesota's CISO.
Buse referred to Minnesota's fourth annual cyber-security executive briefing in October, where Schmidt served as the keynote speaker.
"As we build out the next generation of great information technology," Schmidt said in his address at Metro State University, "we also need to take into account the likelihood that someone will want to do harm, and build security from the beginning, rather than having to go back in and try to fix problems later."
His message resonated with Minnesota's information security officials, who have been developing the state's comprehensive tactical plan since the Enterprise Security Program started three years ago. Improving situational awareness and recognizing potential threats early has been a key issue for Minnesota, Buse said.
"When you start to spike a fever, you know you need to take some action," he said. "We need to have those exact systems in our government."
But that's not the only challenge that comes from building an enterprise security program from scratch. State governments can consist of hundreds of organizations on different networks with separate systems. Governance, Buse said, becomes critical in the effort to connect these departments.
Not the mention the financial hurdles. "Security is a tough nut to crack," Buse said, "particularly in hard budget times."
But Schmidt's dedication and decision-making skills, he added, will help leaders see what's needed to execute the state's information security vision.
"As people understand that you can take this problem and break it down into manageable chunks and that there's people out there doing the same thing," he said, "it really helps our case.
In Colorado, the Office of Cyber Security (OCS) is about halfway through a four-year strategic security plan, which consists of a massive consolidation effort. As the state moves forward, eliminating silo scenarios and hardening desktops and servers, Schmidt's appointment
represents the federal government's push to take cyber-security seriously, said Seth Kulakow, Colorado's CISO.
With his private and public experience, Kulakow added, Schmidt brings a unique perspective to the movement.
"He understands procurement and sole sourcing," he said. "It gives him a credibility that you wouldn't get if you've chosen someone who just has a public-sector life. It brings a nice mix to the field."
His resumé also caught the attention of other interested groups, who see his extensive background as a tool for collaboration, a crucial component for developing programs and implementing cyber-security measures.
According to The Blog @ Homeland Security, "Howard has demonstrated the ability to work across government regardless of party, and across industry, for many years," wrote Phil Reitinger, the deputy under secretary of the National Protection and Programs Directorate and director of the National Cybersecurity Center. "It is hard to find someone in the cyber-security community with whom Howard has not worked."
Phillip J. Bond, president of TechAmerica, sent a congratulatory letter to Obama on behalf of the company's 1,500 members and the technology industry at large, stating that the appointment of Schmidt signals a push for partnerships.
"We have long advocated for such a position in order to truly leverage the partnership of government and industry to simultaneously drive innovation in information technology and advancements in efforts to secure the national asset that is our digital infrastructure," Bond wrote. "Your selection of Howard Schmidt to serve in this role is a very strong and valued signal that this is a challenge for government and industry to solve together."