President Obama plans to name Howard A. Schmidt, a veteran cyber security warrior with experience at senior levels of government and industry, to fill a long-anticipated cyber coordinator position at the National Security Council, administration officials and outside consultants confirmed. (The news was first reported by the cyber beat reporters at the Times and the Post.)
In government, Schmidt most recently served as a top-level cyber security official in the Bush administration and as a member of a Department of Commerce committee on information security and privacy. He was Microsoft's chief of security, worked for the FBI and the Air Force, and has served in the military. Along with former Defense Department official Frank Kramer, Schmidt was seen as the front-runner for the position. He became the favorite after administration officials found themselves determined to select a senior cyber official who had close ties to industry and to civilian law enforcement agencies.
"Howard is a good march for this task," said Vint Cerf, Google's chief Internet evangelist. "I've been impressed by his consensus-building style. He's thoughtful, knowledgeable, and he knows Washington."
Over the next several years, the administration and Congress want to build a cyber security culture that requires the acquiescence of American industry to a new balance between privacy, profit and the transparency and security of their communication infrastructure. Business groups are skeptical of legislation to codify the government's power to shut down threatened computer networks and to give them the legal authority to monitor the private "dot.com" domain for threats. At least a dozen committees in Congress are dealing with cyber now; the Pentagon has stood up a new cyber command, headed by the director of the National Security Agency, and the Department of Homeland Security is working to rapidly build its own capacity to detect and mitigate threats to government domains.
Schmidt has credentials unique to the job: he received his masters in organizational management from the University of Phoenix, a (fully accredited and esteemed) mostly online university. He's also been eBay's chief cyber security officer and is now the president and CEO of the Information Security Forum, a non-profit. He's seen as an effective public communicator
, and the administration hopes he'll be a front-line spokesperson for the difficult and complex conversations that securing cyberspace will prompt. "It's not an easy job, but I am confident that he's a first-rate choice," said Cerf, who has known Schmidt for a decade.
Alex Howard, associate editor of SearchCompliance.com, a tech newsletter, noted via Twitter (@digiphile) that cyber experts inside the government and in the business community will take comfort knowing Schmidt possesses two security industry certifications, including a CISSP (Certified Information Security Systems Professional) credential.
Mr. Schmidt will report to the president through the chief of counterterrorism on the National Security Council, John Brennan, who headed the search committee. Schmidt met last week with President Obama, according to sources with knowledge of the meeting. Given the magnitude of the cyber challenge, experts inside and outside the government hoped that Obama would give the NSC cyber coordinator direct walk-in access to the president.
"The coordinator will work closely with -- and collaborate with -- the National Economic Council on cyber security issues," an administration official said. "Schmidt will have regular access to the president, ensuring that the president is kept up to date on all key cyber security issues. Cyber security and economic innovation are mutually reinforcing. Strong cyber security, baked in from the beginning, enables innovation to succeed and ensures that the platforms for innovation are resilient. The fact that the coordinator participates in both national security and economic discussions strengthens the position."
Cyber power and cyber threats are among the most worrisome -- and least discussed -- threats to security, Obama administration officials believe. Brennan has compared the destructive potential of a cyber attack on the nation's power or financial grid to the threat posed by nuclear proliferation. Adm. Mike McConnell (ret.), the former Director of National Intelligence, has said that he believes it will take a major cyber crime or incidence of cyber terrorism to instill the requisite sense of urgency among policymakers.
It'll be a thankless job: given the near-certainty that the government will experience some massive data breach or a major cyber terrorism attack, Schmidt will be both the point person -- and the person seen as responsible, even though he lacks the statutory authority to prevent these catastrophes.