Departures of top cybersecurity officials reflect realities of governing
Connecting state and local government leaders
The recent resignations of White House cybersecurity adviser Melissa Hathaway and US-CERT director Mischel Kwon should not be construed as indicators that cybersecurity has fallen off the Obama administration's radar screen.
The recent resignations of two high-profile cybersecurity officials from the Obama administration, coupled with apparent delays in the naming of the new White House cybersecurity coordinator, have given rise to some grumbling in the information technology community that the issue has fallen off the White House radar.
Don’t be too quick to read much into these developments. Even if cybersecurity is not currently No. 1 on the president’s agenda that does not mean the issue has disappeared. We should focus on policies, not personalities.
Melissa Hathaway, acting senior director for cyberspace, announced earlier this month that she was leaving the position. She also had been an adviser in the Bush administration and gained a high profile when she was tapped to conduct a comprehensive 60-day review of the government’s cybersecurity posture. That review resulted in the president’s announcement in May of the creation of a White House cybersecurity coordinator whom he would personally select.
Hathaway’s announcement was followed by the resignation of Mischel Kwon as director of the Homeland Security Department’s U.S. Computer Emergency Readiness Team (US-CERT). Kwon, who made a name for herself as an effective administrator and security evangelist during a long government career in IT, will become vice president of public-sector security solutions at RSA, the Security Division of EMC Corp.
These departures contributed to frustration within the IT security community over the length of time it has taken the president to find a cybersecurity coordinator. A selection originally was hoped for in June, and then expected by the end of July. Now, going on three months since the announcement of the position, there still is no word of who will fill it.
This delay is disappointing, but should not be disheartening. The president walked into the White House in January with two wars and a global economic crisis to deal with, and has staked much of his political capital on an effort to move a major health care reform bill quickly through Congress in the face of increasingly hostile opposition. On top of those challenges, there was a new Supreme Court justice to select and shepherd through confirmation. It is not surprising if attention has been diverted from the selection of a cybersecurity coordinator.
It also is not surprising if it is proving difficult to find a qualified person who is willing to assume the position. Overseeing cybersecurity within an unwieldy, highly decentralized and diversified federal infrastructure — characterized by embedded legacy installations often dating back decades — will be a daunting job. And recent experiences of the administration’s chief information officer indicate that it is likely to be a thankless job, as well. Blog posts have accused Vivek Kundra of inflating his resume with phony academic degrees and other credentials, charges which appear to be unfounded. It is no wonder if the administration is being cautious in its selection of a coordinator, and no wonder if candidates are cautious about accepting.
I do not pretend to have inside knowledge of Hathaway’s and Kwon’s reasons for leaving government. But the moves are hardly surprising. Hathaway’s position was an acting one. Maybe she wanted — or did not want — the permanent coordinator’s position. Either way, her decision says more about her own goals and decisions than the administration’s. And it is not unusual for an official with the amount of experience Kwon has to leave government for a berth in the private sector. The chance to parlay her experience into a well-paying career is attractive, and the early months of a new administration are an obvious time to make such a move.