Last Word: Schmidt on Being the Non-CzarCritiquing the Critique of His Tenure as Cybersecurity Coordinator
Howard Schmidt wasn't available for comment when I wrote the blog The Cybersecurity Czar Who Wasn't, my assessment on his 2Â½-year tenure as the White House cybersecurity coordinator, which ended June 10.
Schmidt delivered a keynote address at this past week's Gartner Security Summit [see Howard Schmidt Resumes Private Life], and in his opening remarks cited me by name and my observation that his job was not that of a cybersecurity czar, which was the main theme of the blog. Still, elements of the blog didn't please Schmidt, who says he was extremely busy wrapping up his White House job to talk to me for my story. Fair enough.
If you look at the things we have been able to do over the past 2Â½ years, it doesn't require running to the president every five minutes to have some level of authority and influence.
The elements of the blog that Schmidt took exception to were the perception of the role of the job, his place in the White House hierarchy and his relationship with agencies' chief information security officers.
The blog's premise was that people had higher expectations for Schmidt because they perceived the job as a cybersecurity czar and not as a coordinator, a point with which he concurs. Still, he says he feels the tone of the blog - which he says he didn't read but was related to him by the White House staff - insults career civil servants working hard to defend the nation. [I don't think the blog insults civil servants; you can read it and determine for yourself.]
Schmidt also questions the contention that his position in the White House pecking order diminished his role. The White House staff hierarchy consists of assistant to the president (the top title held by the likes of the chief of staff), deputy assistant to the president and then special assistant to the president. "The fact that it comes from three levels down in the White House is unreasonable," says Melissa Hathaway, who led the team that developed Obama's cyberspace initiative. "He's not high enough in the whole positional food chain."
"When you look at the title cyberczar, and we said since the very beginning, that this position was a coordinator role, special assistant to the president," Schmidt says. "It's kind of unique situation because on the cyber coordinator, the chain of command, if you would, is dual between the national security adviser, National Economic Council, and there's no deputy thing in between.
"Not withstanding that, the bigger issue is the fact that there are a lot of men and women working at the White House as career civil service people for years, who make a difference every day [and] help affect the president's decisions, their policies and everything else. I think it's really insulting to suggest that somehow, you've got to be in the Oval Office every five minutes with the president to have some authority and influence.
"If you look at the things we have been able to do over the past 2Â½ years, it doesn't require running to the president every five minutes to have some level of authority and influence. ... It requires doing a lot of work, keeping the president briefed on what's going on, but also making sure you're getting direction from him. "
Another problem Schmidt has with the blog is a comment attributed to Robert Bigman, who retired this spring after 15 years as CISO at the CIA. "I don't recall Howard ever sitting down with the federal government CISOs and having a discussion about information security issues," Bigman says.
Schmidt says he communicated with CISOs in several ways. "If a CISO from an agency would call my office," he says, "I'd pick up the phone to talk to him."The Federal CIO Council also served as a forum for Schmidt to interact with agency CISOs. "The CIO at the time, Vivek [Kundra] and subsequently Steve VanRoekel, would have CIO Council meetings with the CISOs; I attended I don't know how many of those [with] Q&A and all that other stuff," Schmidt says.
The main point of the blog, one that Schmidt agrees with, is that expectations of the job were unrealistic if the perception was one with czar-like powers.
His job was that of a coordinator and under the increasing partisan nature of politics in Washington these days, Schmidt did a good job coordinating cybersecurity in the the federal government. "Howard can be credited for being one of the major influences on the emergence of cybersecurity as a major issue requiring far more intensified public policy analysis and direction than was the case before Howard took office," says Larry Clinton, who as head of the Internet Security Alliance has had policy differences with Schmidt, but characterizes the retired cybersecurity coordinator as an "unsung national hero" [see Obama Cybersecurity Coordinator Resigns].
Here's how Schmidt sums up the job:
"Nobody in these sort of positions is (issuing) a directive. They don't get in there and say, 'You have to go do this, you have to go to do that.' Especially my role, which the only other coordinator role is the weapons-of-mass-destruction coordinator. So, it's a matter of getting all the people together and moving forward."