Tech Industry Wants Cybersecurity Czar

With the resignation of the second cybersecurity czar in three months, prominent tech industry groups are itching for the Bush administration to appoint a permanent and central figure to make sure the nation's circuits are properly protected.

White House cybersecurity adviser Howard Schmidt announced his resignation on Monday. Schmidt, a former Microsoft security expert, only served in the position since February, when he replaced Richard Clarke, who resigned after 11 years as the nation's point person on critical infrastructure protection.

Tech industry members say the president needs a strong person to fill the role of the government's main authority on technology security.

"We are concerned ... that the cybersecurity issue is losing visibility in the White House," said Information Technology Association of America President Harris Miller.

"I think there is a wave of concern in industry about the appearance or perception of de-emphasizing cybersecurity," added Dave McCurdy, president of the Electronics Industry Alliance and executive director of the Internet Security Alliance.

Miller said the industry is thankful that several qualified people are serving in critical infrastructure protection positions at the new Department of Homeland Security, but a central point of contact is critical.

"Frankly, when everybody is in charge of an issue, nobody is in charge of the issue. In this case, the 'bully pulpit' opportunity to influence the development of a truly secure cyber infrastructure and associated best practices will be lost," he said.

In February, Schmidt took over the position from Clarke as head of the president's Critical Infrastructure Protection Board, which coordinates government actions to protect computer networks and systems. On Monday, the White House said Schmidt had chosen to return to the private sector.

In his missive to staff and industry officials announcing his departure, Schmidt noted that many of his duties have been transferred to DHS.

He added: "While significant progress has been made, there is still much to do."

Industry members say Schmidt, a "tireless champion dedicated to critical infrastructure protection and making the nation more cyber secure," will be sorely missed.

"The online community owes him a debt of gratitude for raising awareness on this vital issue," Miller said.

However, the Bush administration insists efforts to protect the cybercommunity will continue.

"I pledge to you that the administration is focused on [cybersecurity] all the way to the highest level," Mark Forman, the White House e-government chief, told the Government Reform's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census earlier this month.

Earlier this year, the White House released its National Strategy to Secure Cyberspace. President Bush may ask Congress to enact legislation to put more aspects of the strategy into play.

The strategy lays out what government, the private sector and consumers should do to protect their computer networks. The industry envisions the new cybersecurity measures shepherding this roadmap toward implementation.

Even without a czar, the White House has been actively installing officials into positions aimed at beefing up computer security -- including naming former New York Police Department counter-terrorism commissioner Frank Libutti as DHS undersecretary of information analysis and infrastructure protection.

Shannon Kellogg, director of information security policy at the Business Software Alliance, said that so far, relations are good with Libutti as well as Paul Kurtz, the White House senior director of critical infrastructure protection with the Homeland Security Council; and Robert Liscouski, DHS assistant secretary of infrastructure protection.

But, Kellogg said, industry would like to work with someone who can give the final answer.

"We think the administration is heading in the right direction. We'd like to see them continue to elevate this issue and keep it as an important national priority," he said. "Certainly, our position has been we would prefer to have a central point of contact who's coordinating and working with industry that focuses on cybersecurity."

Added Dan Burton, vice president of government affairs for the computer security company Entrust, Inc., "It's very important to have a point person on cybersecurity who is responsible exclusively for that issue. If cybersecurity gets mixed in with physical security or broader issues, then it tends to get lost. That's something we can't afford as a country and certainly can't afford in the war on terror."