Rich Cooper, Security Debrief


Washington
,
Mar 9, 2009
 

When President Obama tapped Melissa Hathaway to lead the new Administration’s 60-day review of nation’s cyber architecture and to present him with a plan for dealing with the most complex and interdependent of critical infrastructures, he made a good choice.  Every step of the way since her appointment, she and her team have gone to great lengths to engage Congress, the various federal departments and agencies, the private sector, international stakeholders, civil liberties groups and more.  They’ve been asking for input and suggestions on how we as a nation should deal with these complex issues. With this being Washington, her schedule is not devoid of encounters with people who have a lot on their minds and are willing to tell her how they think the world should be run.

Her job is truly Herculean and based upon the thoughts and comments she offered last week in a meeting with private sector organizations (US Chamber of Commerce, Business Software Alliance, Internet Security Alliance, etc.) as well as other recent meetings, we can anticipate a final report that delivers a solid, credible and concrete series of recommendations and overall strategy for cyber.  That’s great considering there doesn’t seem to be a strategy to much nowadays when it comes to cyber or the rest of the country’s pressing issues.

We have absolutely no plan, strategy or prioritization when it comes to infrastructure reinvestment.  We’re just hell-bent to throw money out the window and hope it turns out all right.

We have no real idea of who in the new Administration is the lead (other than the President of course) for leading the economic recovery.  Is it Treasury Secretary Geithner, Larry Summers, Paul Volker, Christina Romer….but to make us all feel better we’ve got a nice Web site – www.recovery.gov to keep an eye on it all.

We also now have decrying the role of the NSA in the nation’s cyber security efforts.

When you look at these facts and what the Administration is doing in cyber with Melissa Hathaway (which is really good) to provide some order and sanity to what can only be described as mass confusion and chaos (a sort of Lord of the Flies convention), along comes the White House announcement of the appointment of Vivek Kundra to be the country’s first Chief Information Officer.

Why and why now?

I’ve never met Mr. Kundra nor had the chance to work with him, so I can’t offer any personal testimonial on him, but based upon his performance in Virginia and the District of Columbia where he has previously served as Chief Technology Officer (CTO)/CIO, he’s got an extremely impressive track record.  There’s no doubt he’s got the credentials to be a CTO/CIO just about anywhere in the world but why are we appointing a CIO for the country before we know what the plan is going to be for cyber?  Why the need to put this position and person in place before we know what authorities he will have?

To date, we have any number of executive cyber positions across the US government but if you had to figure out who leads who, or what person was where and why, you’d have a better chance of figuring out Abbott & Costello’s ‘Who’s on First?’ routine before coming up with a cyber organization chart.  The new CIO position, for all of its merits and the exemplary qualifications of Mr. Kundra whose been tapped to lead it, only adds to the compounded confusion that permeates today’s cyber arena.

If this situation was not chaotic enough, this new position and its White House established authorities are also on a collision course with Congress.  According to the White House Press Release and the coverage, Mr. Kundra’s position will direct “the policy and strategic planning of federal information technology investments and is responsible for oversight of federal technology spending.  The Federal CIO establishes and oversees enterprise architecture to ensure system interoperability and information sharing and ensure information security and privacy across the federal government.”

So he gets to oversee federal spending on all IT projects; to exercise veto power over its various architectures; to mandate interoperability and to formulate privacy policy?  Wow!  I wonder how all of the other Federal CIOs feel about having another new boss to run their projects by and have their permission slips signed by before doing anything?

For all of the talk of “change,” there doesn’t seem to be a whole lot of it between this Administration and the previous one when it comes to exercising Executive Branch power.  This position is further proof.  Maybe buried somewhere in another thousand page bill that no one has read but passed anyway these authorities were provided for, but establishing this kind of  post with such broad authoritative powers across the federal government without any Congressional oversight is not going to sit well with certain Congressional Members and its “old bull” Committee Chairmen who have their own views on how policies, spending and architectures should be.

A few weeks ago, Sen. Robert Byrd (D-WV) raised his voice (and probably shook his cane) at the new Administration and its use of its various “czars” to bypass Congress to expedite policies, spending and so forth.  It’s hard not to be sympathetic to the new Administration on its desires to get things done quickly and efficiently.  Especially since Congress can’t pass a budget on time (or during the actual year the operating budget is for); show some measure of restraint to spending or even semi-respectable behavior to either side of the political aisles.

The reasonable excuses behind the establishment of the federal CIO (and the other czars) is still not an appropriate one for assuming and exercising authorities that have not been given by a government of the people, for the people.

Cyber has now been dragged into this emerging Constitutional conflict which only adds to the confusion that has been rampant for so long.  Who knows if clarity will ever come?

This piece was originally posted on Security Debrief.

Comments

Post Comment

Your email address will not be published.