Is Tom Davis Too Qualified to be Cyber Czar? (The Public Eye)

Is Tom Davis Too Qualified to be Cyber Czar?

June 19, 2009 - Eric Chabrow

http://blogs.govinfosecurity.com/posts.php?postID=218

Former Rep. Tom Davis' name has popped up before and it's come up again as President Obama's new cybersecurity czar.

A story posted on Time's website Friday says the moderate Republican from northern Virginia has emerged as a leading candidate for a job Obama describes as cybersecurity coordinator. White House sources quoted by Time who say the administration feels a Washington power player would make a better candidate than a tech guru. "They want someone who understands technology issues, but more importantly, knows how to get things done in Washington," says a cybersecurity expert who has been consulted by the White House. "There are very few people who have that combination of skills, and Davis is at the top of that short list." 

There are very few people who have that combination of skills, and Davis is at the top of that short list.

Davis, indeed, is among the most qualified and influential people in Washington when it comes to information technology, IT security and getting things done. He's a wheeler-dealer in the best sense of that term. Indeed, as chairman of House panels overseeing government IT, Davis shepherd through Congress the E-Government Act and the Federal Information Security Management Act, which governs cybersecurity in the federal government. He's also a whiz at understanding the ins and outs of government procurement, important knowledge considering the amount of technology and services the government will acquire to in the coming years to secure IT systems and data.

But unless Obama boosts the cybersecurity adviser's job on the White House organizational chart a few notches to guarantee greater, direct access to the president, would someone of Davis' stature accept the job? So far, Obama has characterized the post as a cybersecurity coordinator, and coordinator doesn't sound very much like an influential of a role.

In an interview with GovInfoSecurity.com earlier this year, before Obama outlined his cybersecurity agenda in late May, Davis saw the need for the government to spend heavily on IT security, and expressed disappointment that no money was earmarked for cybersecurity in Obama's stimulus package. Davis said:

You are competing for dollars and priorities at this point ... but you know, at this point, we are not where we need to be and I think everybody understands that.

Davis sees the power of the buck in getting things done, and says Congressional appropriation process is a good vehicle to get federal agencies to improve federal IT security.

You have got to get the appropriators involved in this or I think otherwise there is no and you have got to make sure that this comes down from the top from the president that this is a priority. I get the feeling sometimes that everybody is hoping this won't happen on their shift. They are not getting additional dollars in any of these cases, they try to secure your networks but without any additional money they have a lot of other missions that they are trying to accomplish and you get no credit for doing anything here. It doesn't help you accomplish your mission, and you are trying to make sure you don't get a cyber attack, but you don't get any credit if an attack doesn't come whether you put FISMA or not and you are just taking the chance that it doesn't hit on your watch. Now, though, we are getting more and more penetrations and I think people are starting to get worried.

And, here's how Davis describes the government's current cyber defense stature:

It is still very stovepipe and we are going to have some cyber attack somewhere and there are going to be some damages done and at that point people are going to what to know what have you done about it. A lot of us have been screaming about this for years, Republicans and Democrats, but at the end of the day you can't legislate this stuff because it comes from the executive branch. Hopefully, after they have finished their study at this point they will put some money behind this. That is our goal and that is the hope.

Besides Davis, others mentioned as the potential White House cybersecurity adviser, according to Time and others:

• Melissa Hathaway, who led the administration's 60-day cybersecurity review and former cybersecurity advisor to President Bush (read our profile on Hathaway).
• Fred Kramer, assistant defense secretary for international security affairs under President Clinton;
• Howard Schmidt, a onetime Microsoft chief security advisor and former adviser to Bush on cyberspace security and protection of critical infrastructure (read BankInfoSecurity.com's interview with Schmidt on the war on cyber crime)
• Paul Kurtz, an Obama advisor who served in the National Security Council under Bush and Clinton (read/listen to our interview with Kurtz);
• Susan Landeau, a Sun Microsystems's distinguished engineer with cybersecurity and public policy expertise;
• Maureen Bainski, a former FBI intelligence leader; and
• Scott Charney, head of Microsoft's cybersecurity division.