Opinion

What Should WH Cybersecurity Coordinator's Job Description Look Like? One Man's View

Part 2 of Ariel Silverston's "Mission Impossible" series: If President Obama's new cybersecurity coordinator is to have any real impact, there are a few things that will need to be worked into the job description.

By Ariel Silverstone, CISSP

July 01, 2009 — CSO —

About this series: In a paper he wrote and published before President Obama's announcement regarding the creation of a national cybersecurity coordinator, Ariel Silverstone, a CISSP and former member of the Israeli Defense Forces, put forward his thoughts about the necessity of having a chief security officer for the United States. In this second installment, he discusses where he sees the CSO role fitting in, and the core "Three Tenets" he sees as critical to success in this role. Silverstone also lists his vision for the next 6 (of 23) tasks that he sees as essential for information security in the United States.

READ PART 1: Mission Impossible? A Plan to Secure the Federal Cyberspace

PLACEMENT AND REPORTING STRUCTURE
This position will bear responsibility for the entire civilian government. Placing it within the Department of Homeland Security (DHS) sends the wrong message that the other agencies would not have to abide by its decisions. Further, in Industry sectors that are not traditionally related to defense, a conflicting set of requirements, such as those from the Department of Commerce, may exist.

To send a uniform, measured and coherent voice, I believe that this position should exist within the Executive Office of the President. Just as the nation's chief information officer (CIO) and chief technology officer (CTO) co-ordinate efforts from that office, so should the CSO, working closely with his peers, to the breadth of the civilian government. The Office of Management and Budget (OMB) will be one ideal place for such an endeavor, where the functions of the office can physically take place.

Day-to-day oversight of this position should be given to the chief of staff, however, and the person should report directly to the President of the United States in regards to progress on all urgent, tactical and strategic plan tasks. Additional oversight is provided, of course, by the system of government we call Checks and Balances that allows the United States Congress to demand reports and performance of certain tasks.

As we have learned lessons during the time passed since the creation of this position at the Department of Homeland Security, this position must have at its disposal a federal purchasing authority. The ability to make budgetary decisions, for specific and for government-wide tasks, not only for efficiency but also especially for the ability to affect performance, is essential.

Budget
Since cybersecurity is an evolving challenge, and since we are addressing different time horizons here, we must ask Congress to allocate a multi-year budget to this opportunity. The sheer size of the challenge demands the ability to focus on proper solutions, whether short- or long-term, and discourages a quick-fix approach.