US President Obama later this week will formally appoint a cyber czar to coordinate a national strategy for securing cyber space the Washington Post reported today.
The czar will have unprecedented authority to oversee the development and enforcement of policies for protecting critical government and private infrastructure assets against cyberattacks. The adviser is expected to be a member of the National Security Council and will report both to the national security adviser and the senior White House economic adviser, the Post said, citing unnamed government sources.
It's unclear what rank and title the new official will hold, but the goal is to have someone who will have direct access to the president on cybersecurity matters, the unnamed Post sources said.
The appointment will coincide with the release by the White House of a report summarizing the findings of a cybersecurity review undertaken earlier this year at the president's behest, the Post said.
The 60-day review was led by Melissa Hathaway, a Bush administration aide who was appointed acting senior director for cyberspace by Obama in February. Hathaway was asked to examine how federal cybersecurity efforts could be better aligned with the threats they are designed to mitigate. Her review was completed in April.
Among those whose names have been cited as potential candidates for the post are Hathaway and Paul Kurtz, former special assistant to President George W. Bush and senior director for critical infrastructure protection on the White House's Homeland Security Council. Kurtz is a partner with the Washington-based security consultancy Good Harbor Consulting LLC.
Obama's appointment is sure to be welcomed by many in the security industry who have been clamoring for the creation of a cybersecurity post within the executive offices of the president. Among those arguing for a more direct White House role has been Hathaway.
Speaking at the RSA Security Conference last April, Hathaway said the White House alone had a broad enough perspective and influence to force government agencies to make the changes they needed to bolster security.
"Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law," she said at the time. Hathaway said that based on her review, the federal government isn't organized to address threats in cyberspace. Responsibilities for cyberspace are scattered across too many departments, many with overlapping missions and authorities, she said.
Similar views were expressed earlier this year by the Center for Strategic and International Studies (CSIS) a Washington-based think-tank that in December submitted a set of cybersecurity recommendations to the president. Among the recommendations was one that called for the creation of a White House office that would have the authority to develop and enforce a national strategy for cybersecurity.
In addition to such recommendations, a bill was proposed in April by Sens. Jay Rockefeller (D-W.Va) and Olympia Snowe (R-Maine) that would give the president and other federal authorities unprecedented new powers in national cybersecurity matters.
The calls are being prompted by what many say is the absence of a national strategy for protecting U.S. interests in cyberspace against a growing range of international and domestic threats. The U.S. Department of Homeland Security is in charge of coordinating efforts to protect government and private infrastructure against Internet attacks, but the agency has come under heavy criticism for lacking direction and being too weak to effect governmentwide change.
The calls for White House leadership are also being driven by what some say is the growing efforts by the National Security Agency (NSA) to wrest leadership on cybersecurity matters away from the DHS and other civilian agencies. The concerns bubbled into the open in March when Rod Beckstrom, director of the National Cyber Security Center (NCSC), resigned because of what he said was the NSA's domination of the nation's cybersecurity efforts. The concerns led the spy agency's director Lt. Gen. Keith Alexander to announce last month that the NSA has no desire to run cybersecurity for the federal government and only wanted to team with the DHS in developing and enforcing cyberdefenses for government and military networks.