Organizational challenges and governance questions appear to be gaining the upper hand in faltering efforts by the White House and DHS to address America’s cybersecurity. Last week two respected leaders in the cybersecurity realm, Melissa Hathaway of the White House and Mischel Kwon of the Department of Homeland Security Computer Emergency Response Team (DHS CERT), announced their resignations.
From the WSJ’s Siobhan Gordon on Melissa Hathaway, reported on August 4, 2009:
The White House’s acting cybersecurity czar announced her resignation Monday, in a setback to the Obama administration’s efforts to better protect the computer networks critical to national security and the global economy. The resignation of Melissa Hathaway, Barack Obama’s choice to monitor the nation’s online security, is a blow for the administration, which had made the position a priority. The resignation highlights the difficulty the White House has had following through on its cybersecurity effort. In February, the White House tapped Ms. Hathaway, a senior intelligence official who had launched President George W. Bush’s cybersecurity initiative, to lead a 60-day cybersecurity policy review. Ms. Hathaway completed her review in April, but the White House spent another 60 days debating the wording of her report and how to structure the White House cyber post. National Economic Adviser Larry Summers argued forcefully that his team should have a say in the work of the new cyber official. The result was a cybersecurity official who would report both to the National Security Council and the National Economic Council. Supporters said that arrangement would cement cybersecurity as a critical security and economic issue; detractors said it would require the new official to please too many masters and would accomplish little. “It’s almost like the system has become paralyzed,” said Tom Kellermann, a former World Bank cybersecurity official who served on a commission whose work influenced the White House’s cyber planning.
From the Washington Post’s Ellen Nakashima, reported on August 8, 2009:
Mischel Kwon, the director of the Department of Homeland Security’s U.S. Computer Emergency Readiness Team, submitted her resignation letter this week. … Kwon, who is the fourth US-CERT director in five years, was frustrated by bureaucratic obstacles and a lack of authority to fulfill her mission, according to colleagues who spoke on the condition of anonymity. In March, another Homeland Security cybersecurity official, Rod Beckstrom, resigned, citing a lack of support inside the agency and what he described as a power grab by the National Security Agency. The resignations, although unrelated, point to a larger inability of the federal government to hire, retain and effectively utilize qualified personnel, experts said.
[Note: Beckstrom has recently become the CEO of ICANN]
While these resignations do send a message, we must be equally concerned about positions that get less daily press but are equally critical because they deal with the details of policy implementation. In my view, the fact that we are now seeing departures from people who are in critical execution positions raises a red flag, particularly because it appears that organizational dysfunction and lack of coordinated leadership are at the root of these departures. From government’s perspective, the cybersecurity problem is difficult to address effectively because it is widespread, new, and amorphous relative to other types of criminal activity (for example, a bank robbery by an armed gunman). It also crosses many disciplines and therefore touches multiple competing government bureaucracies.
Our nation’s policy leaders need support from empowered lieutenants to execute on policy. As a nation, we cannot afford to take our collective eye off the ball as we address the challenges faced by the U.S. economy, the U.S. capital markets, and America’s cybersecurity. President Obama’s ambitious agenda will stand or fall on the ability of people to implement the Vision. While critics are quick to seize upon the Administration’s mis-steps, whether you support the Administration or not, we should all be very concerned when we see highly respected domain experts voting with their feet.
The vast scope of the cybersecurity challenge and the urgency with which we must address it present us with opportunities to contribute at many levels. Let’s not stand down but rather rise up to meet this challenge head on, even if we must do so incrementally.
You must be logged in to post a comment.