Security

The cyber czar: Hope or fear?

President Obama is poised to make good on his promise to appoint a security coordinator. Is hope or fear the more appropriate response from IT professionals?

When I reported China chooses FreeBSD as basis for secure OS, I said:

there's definitely something wrong with US information security policy.

Today, President Obama made it clear to the world that he agrees, when he said that America has failed for too long to protect the security of its computer networks:

It's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation.

The question on everyone's minds, of course, is "What exactly do you intend to do about it, Mr. President?"

In a rare case of an elected official actually fulfilling a campaign promise, Obama appears ready to appoint his new cyber security coordinator -- a working title for the position, though he hasn't settled on a final, official title for the new cabinet post. In response to questions about what kind of authority and budgetary support this new appointee would have, the President hedged by saying the czar would have "regular access" to Mr. Obama.

Under a cloud of fear and confusion, government officials increasingly appear to be in a panicked frenzy about the state of information systems security, as millions of "attacks" are made against US information technology resources daily. Meanwhile, many government agencies are probably on pause right now, waiting to see what new policies the appointment of a "cyber security czar" will herald.

Comically referring to network security crackers' tools as "weapons of mass disruption", President Obama seeks to frighten us into grasping the level of danger he wants us to perceive, and with the appointment of the slightly less comically labeled "cyber security czar", he seeks to reassure us that he's taking the necessary steps to mitigate those dangers. He started this whole trend in how he talks about information systems security well before the election when he first made his campaign promise to appoint a "cyber security czar" should he be elected.

When he made that announcement, basically everyone in IT professions -- and quite a few besides, of course -- sat up and took notice. Amidst speculations about who would inhabit the new cabinet post (comedy again, in some cases, such as suggestions pure corporate partisans with little actual IT security knowledge like Steve Ballmer might be "good" candidates), the general social climate seemed to be one of jubilation. Everyone seemed overjoyed at Obama's announcement, exclaiming that here, finally, was a Presidential candidate who "gets it". Yay! A "cyber security czar"! The promised land has come!

Meanwhile, I was watching all this unfold and thinking

Really? Think about this: a Presidential candidate -- a class of person who should be the object of suspicion by default -- wants to appoint the computer network policy equivalent to the so-called Drug Czar, who oversees the disastrously prosecuted "War On Drugs". Somehow, this leads to celebration. Are you people really thinking about this?

I, for one, like the Internet. I like its freedom, its impressive flexibility and usefulness and power as a tool of open and widespread communication of ideas. It is one of my favorite things in the world right about now. The idea that a President is creating an ill-defined cabinet post dedicated to regulating computer networking technology "for our own good" frankly scares the bejeezus out of me.

I'm not convinced President Obama is going to screw up the whole Internet (or, rather, the parts of it over which the US government can managed to exert influence). There's reason for hope here. Maybe he'll do it right.

I am, however, convinced that -- whenever government officials start talking about establishing new appointed positions and new agencies to oversee areas of our lives that have never been so centrally regulated before -- it's time to be profoundly suspicious. It may even be time to be scared, no matter what politician it is that says it. Even if you trust this President's intentions, you must realize that it goes far beyond that: there's the question of whether we can trust him to establish the new regulatory office with the right restrictions in place to ensure that it cannot be significantly abused to violate rights and privacy when the next President is in office, and the President following that.

There's no reason for that trust so far. His statements consisted of a lot of hand-waving, euphemizing, and ambiguous refusals to commit to particulars. He laid out a five point plan that basically explained the five different areas where he intends his information systems security policy to affect the operations of government, industry, and our individual lives; he promised he would ensure our civil liberties and privacy would be protected; and he promised the safeguarding of the prosperity facilitated by the Internet. He did not, however, tell us how any of that would be accomplished, or whose definitions of "civil liberties" and "privacy" and "prosperity" would fit into his list of priorities. The take-away from this is that we know, with maybe an 85% certainty, what specific areas of our lives are subject to both hope that he'll do the right thing and fear that he won't.

Time will tell. In the meantime, I ask that those of you in his target audience consider whether you're being too credulous, too blindly hopeful, and whether you should consider what constitutes the proper level of cynicism in your worldview when it comes to the expectations you grant to politicians. Make no mistake about it: Obama is a politician, and should not be exempted from the suspicions due politicians in general. Call it practical paranoia if you must.

So, the question remains: which is more appropriate, hope or fear? I choose both.

Hope for the best. Expect the worst.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

24 comments
nap.van.zuuren
nap.van.zuuren

What about Trusted Solaris (Sun Microsystems), now Solaris 10 with Trusted Extensions.

wbranch
wbranch

For a guy whose left-wing, and in my opinion a semi-closeted communist, he's creating more Czars than the Russian nobility. Kind of ironic.

stu.field
stu.field

I'm from the government and I'm here to help. yeah right

LarryBoy2
LarryBoy2

Yep. That's my estimation of it all.

reisen55
reisen55

Can any one, single individual serve as a Czar, or even Tsar, for that matter? It is impossible to manage everything EVERYTHING involved in Cyber. Even the large outsourcing firms with government inroads such as Computer Sciences Corp. cannot do it. To put such power into one hand is a fools game. The power however great cannot be exercised EVER. Oh maybe Skynet or something like that. Realistically, this is a smoke and mirrors game.

Sterling chip Camden
Sterling chip Camden

It's a way to say, "look, we're doing something about it." It's security theater (one of my favorite terms from Chad).

maxwell edison
maxwell edison

.....the camel's nose under the tent. We've seen what happens when we've let other noses under other tents.

NickNielsen
NickNielsen

It should not be appointed, but open to competition between qualified people. It does not need to be at Cabinet level. There should be no regulatory authority outside government agencies. In any case, I don't expect corporate buy-in to IT security, simply because it's easier to give lip service to IT security while saying "It can't happen here" than to implement and maintain actual security measures.

Ocie3
Ocie3

Unfortunately, though, the way that things "work" in Washington, D.C., any person and their staff (whether small or large) who wants to have any influence and a budget that might enable them to do the job must, at least at the outset, be part of the Office of The White House. Then again, it seems reasonable that oversight of IT security in and among federal departments and agencies could just as easily, whether effectively, be created in the Department of Homeland Security with a Deputy Secretary in charge. With regard to the Internet itself, is there any organization that is charged with actually "running" it?? This seems to be a twilight area, and there have been recurring efforts via the United Nations to make the Internet subject to UN governance. (God help us if they ever succeed!)

NickNielsen
NickNielsen

[i]Unfortunately, though, the way that things "work" in Washington, D.C., any person and their staff (whether small or large) who wants to have any influence and a budget that might enable them to do the job must, at least at the outset, be part of the Office of The White House.[/i] ...my point

midgarddragon
midgarddragon

Sounds like more right winger whining to me. Let the man actually do his job and see what comes of it before you assume the worst. It just makes you sound like a whacko still foolishly living in the Bush era, or at least wanting to go back.

wbranch
wbranch

Just remember, today this post is being created and filled by a left-wing politician, but at some point, there will be someone from the other side elected and they'll get to choose the cyber 'czar'. Just because you trust Obama, doesn't mean you SHOULD, and doesn't mean there won't be other politician who can abuse this newly created power. More government != More better.

maxwell edison
maxwell edison

.....your message to him is laughable. You know not of what you speak.

apotheon
apotheon

You're kidding -- right?

NickNielsen
NickNielsen

That makes you a right-winger. Didn't you get the email? ;)

Sterling chip Camden
Sterling chip Camden

Either you're with Obama, or you're against him. </sarcasm> People who think for themselves are what the world wants least but needs most.

apotheon
apotheon

Didn't you get the email? Nope. It must have been deleted by the spam filter.

seanferd
seanferd

and respond to other desk-flying bureaucrats, including the military. I'd hope Obama could pull off something good, but I don't really see it. This stuff never seems to work well. I'll see your Drug Czar, and raise you about 50 years of Cold War BS. Most of what I've heard, though not necessarily linked to any Obama plan (yet), seems to be the will towards offensive "cyber"-warfare, rather than any decent attempt to just secure sensitive government networks. It fits an age-old pattern, IMO. I'm sure there is money to be made from this somewhere, though.

apotheon
apotheon

What are your hopes and fears for the new cyber security coordinator appointee?

Sterling chip Camden
Sterling chip Camden

I think Obama means well, and he's a pretty bright guy -- but I worry about the long-term effects that he's putting into motion all over the place. In eight years, when the pendulum swings again, what rough beast will take hold of the powers that we have entrusted to this Messiah?

MyopicOne
MyopicOne

I just can't wait to see what comes from this!

Dr Dij
Dr Dij

any govt post that is called a 'czar' I don't have hopes for. These were the tyranical dictators who arbitrarily executed whoever they didn'/t like. Some were psychotic and paranoid.

Editor's Picks