December 22, 2009 By Russell Nichols
For the first-ever White House cyber-security coordinator, President Barack Obama appointed a man who has played on both the public- and private-sector sides of the security fence.
In the George W. Bush administration, Howard Schmidt was the vice chairman of the president's Critical Infrastructure Protection Board and a special adviser for cyberspace security. He also served as a security executive at eBay and Microsoft.
In his new role as the nation's cyber-security chief, Schmidt will have "regular access to the president and serve as a key member of his National Security Staff," John Brennan, assistant to the president for homeland security and counter terrorism, said in the statement. Other duties include strengthening computer security for various agencies, developing new technology and conducting national campaigns for cyber-security awareness.
"The enormous challenge our nation faces requires a comprehensive, coordinated response directed by one of the most experienced leaders our nation has to offer," said Gen. Harry Raduege, chairman of the Deloitte Center for Cyber Innovation and the former director of the Defense Information Systems Agency and manager of the National Communications System. "With 40 years of experience in government, industry, law enforcement and international involvement, Howard brings the right credentials, background and enthusiasm to the White House."
Since the beginning of the year, the Obama administration has made cyber-security one of its priorities. After the May release of the 60-day Cyber-Security Review, Obama promised "a new comprehensive approach to securing America's digital infrastructure."
According to industry leaders and state officials, the selection of Schmidt represents a step in that direction. State chief information security officers (CISOs) say Schmidt's experience and understanding of government processes will help influence and bolster enterprise security programs on the state level.
"This is a guy who's made some personal initiative, without compensation, to help a state that's trying to get its enterprise security program up and running," said Christopher Buse, Minnesota's CISO.
Buse referred to Minnesota's fourth annual cyber-security executive briefing in October, where Schmidt served as the keynote speaker.
"As we build out the next generation of great information technology," Schmidt said in his address at Metro State University, "we also need to take into account the likelihood that someone will want to do harm, and build security from the beginning, rather than having to go back in and try to fix problems later."
His message resonated with Minnesota's information security officials, who have been developing the state's comprehensive tactical plan since the Enterprise Security Program started three years ago. Improving situational awareness and recognizing potential threats early has been a key issue for Minnesota, Buse said.
"When you start to spike a fever, you know you need to take some action," he said. "We need to have those exact systems in our government."
But that's not the only challenge that comes from building an enterprise security program from scratch. State governments can consist of hundreds of organizations on different networks with separate systems. Governance, Buse said, becomes critical in the effort to connect these departments.
Not the mention the financial hurdles. "Security is a tough nut to crack," Buse said, "particularly in hard budget times."
But Schmidt's dedication and decision-making skills, he added, will help leaders see what's needed to execute the state's information security vision.
"As people understand that you can take this problem and break it down into manageable chunks and that there's people out there doing the same thing," he said, "it really helps our case.
In Colorado, the Office of Cyber Security (OCS) is about halfway through a four-year strategic security plan, which consists of a massive consolidation effort. As the state moves forward, eliminating silo scenarios and hardening desktops and servers, Schmidt's appointment
You may use or reference this story with attribution and a link to