In cybersecurity, everyone’s a critic
After Melissa Hathaway's departure, what's next for the cybersecurity-coordinator position?
Some news stories are like modern art: They spark endless discussion, interpretation and explanation — but very little agreement.
Such was the case last week when Melissa Hathaway, who was believed to be a leading candidate to serve as the Obama administration’s cybersecurity coordinator, announced she was no longer interested in the job.
According to a report by the Washington Post's Ellen Nakashima, Hathaway withdrew her application because she was frustrated by the delay in appointment.
This story generated a lot of coverage, no doubt because President Barack Obama himself had announced plans to create this position and promised to take a role in making the appointment.
But the sources quoted by the various news outlets could not agree on why Hathaway did not get the job and, more important, why the position remains unfilled.
The simplest explanation is politics as usual. According to a source quoted by the Washington Post, Hathaway “had ‘the sense that this was very political, that she has been too closely tied to the Bush administration.’"
But other observers say the political dimension is more nuanced than that.
“The hunt for a cyber czar has been fraught with problems, as the administration seeks someone with the requisite political and technological skills and a reputation strong enough to command respect from Silicon Valley to Capitol Hill,” according to the AP’s Lolita Baldor.
So perhaps Hathaway simply was not enough of a political heavyweight, whatever her technical qualifications.
One former technology policy adviser in the Bush administration described it as an “almost superhuman” position, Baldor writes.
Well, yes and no.
It might take a superhero to win approval from all the various stakeholders, but the job involves little power, as some experts see it.
"The position as set up is designed more for bureaucracy and empire building, not driving change for the better of cybersecurity," John Pescatore, an analyst at Stamford, Conn.-based Gartner, told Computerworld’s Jaikumar Vijayan. "It really does need someone who is more interested in the political and visibility aspects, not the heavy lifting" required for better security.
One problem, several experts agree, is that the cybersecurity coordinator will not report to the president but to both the National Security Council and National Economic Council.
In an interview with Computerworld, Alan Paller, director of research at the SANS Institute, speculated that the councils’ leaders do not plan to vest the cybersecurity coordinator with too much authority.
The national security adviser, on the one hand, does not believe cybersecurity is as important as other threats, such as nuclear technology, while the national economic adviser might fear that overly aggressive cybersecurity policies could hurt economic growth, Paller said.
So what does it all mean?
Forget the nuances: Sen. Susan Collins (R-Maine) sees it all in black and white, according to the New York Times.
Collins, “who has worked closely with the Democratic president on many issues, blasted Hathaway’s departure as a sign of the Obama administration's lack of leadership in cybersecurity,” according to the Times.
The Obama administration, likewise, is not interested in deconstructing last week’s events.
Rather than counter all the speculation and criticism, a White House spokesman painted a simple picture, assuring numerous reporters that cybersecurity remains a major priority for Obama and that a “rigorous selection process is well under way.”
And so the show goes.