Leadership Disarray in the Cyber World
Leadership turnover has been a prevailing theme across the Federal government’s initiatives to refine its global cybersecurity strategy. Most recently, the head cyber official within DHS, Phil Reitinger, announced his resignation from the position, citing “personal reasons.” The move came as a surprise in the face of his immense success in expanding the department’s cyber personnel, defining its role in the protection of domestic critical infrastructure, and driving public sector perspective on the Internet ecosystem.
Reitinger replaced the first NCSC director, Rod Beckstrom, in early 2009, who stepped down from the role within a year of its creation. Beckstrom publicly attributed his departure to NSA interference in DHS cyber matters and a lack of funding support amid efforts to design a cohesive national cybersecurity strategy. However, leadership turnover is not specific to DHS, as the White House lost its leading “cyber czar” candidate, former Bush-aide Melissa Hathaway, in late 2009 after she “finished what they asked her to do” in architecting and designing the White House cyber organization. Hathaway’s association with a legacy Administration, her thoughts on the regulation of private-sector entities, and the accountability to multiple overseeing councils have been associated with her departure. Subsequent to Hathaway’s resignation, several of the field’s preeminent thought leaders declined the position before former Microsoft executive Howard Schmidt assumed the role.
Due to changing Administration priorities and the constant evolution of national cybersecurity initiatives, “cyber czar” positions have fallen out of favor among many qualified candidates. Citing Beckstrom and Hathaway, inter-governmental turf wars (e.g., NSA vs. DHS, National Security Council vs. National Economic Council) and highly-charged political environments (e.g., Obama staking a meaningful part of his legacy on cyber policy), have become overly influential with respect to the proper supervision of the nation’s cyber efforts. Additionally, the mounting threat environment and the government’s evident security challenges significantly underscore the responsibility and accountability of such positions. Simply put, “cyber czar” roles have become high-pressure tasks that carry significant personal downside risk.
It is apparent those most qualified for these roles, such as former tech executives and experts within government, have a myriad of lucrative opportunities within the private sector, where compensation is higher and scrutiny is less. While potential replacements for Reitinger are currently being socialized (Former Energy and Air Force CIO John Gilligan and current interim DHS cyber chief Greg Schaffer have been noted as frontrunners), one would hope the next “cyber czar” fully understands his / her impending responsibilities and is ready to make a long-term commitment to properly executing the nation’s cybersecurity strategy.