DHS cybersecurity appointment seen as government-industry bridge
Appointing McAfee's Phyllis Schneck welcomed given new tension between government, private sector following NSA revelations
By Antone Gonsalves
August 20, 2013 — CSO — Phyllis Schneck, the McAfee executive appointed to head the Department of Homeland Security's (DHS) cybersecurity efforts, is the right choice to build cooperation between government and the private sector in protecting the nation's critical infrastructure, security experts say.
DHS Secretary Janet Napolitano announced on Monday that Schneck would be the new deputy undersecretary for cybersecurity, succeeding Mark Weatherford, who left in April to join consultancy The Chertoff Group. In her new role, Schneck takes on one of the top cybersecurity jobs in the nation.
At Intel-owned McAfee, Schneck was vice president and chief technology officer for the company's public sector business. She has a Ph.D. in computer science from Georgia Tech and holds three patents in high performance and adaptive information security.
At DHS, Schneck will be in charge of carrying out President Barack Obama's executive order that calls for a national cybersecurity framework that depends on government and private industry collaboration. Experts say she has the technical skills and business experience to bridge the wariness private industry often has towards working closely with the government.
"She's ideal for this job," said Stewart Baker, a former top DHS official who has known Schneck for several years. "She's got technical chops, administrative and corporate competence, and enough public/private board experience to appreciate the challenge she'll face. She will add a lot to DHS's combined policy and technical capabilities."
Schneck's experience in government and corporate partnerships include her current position as chair of the board of directors of the National Cyber Forensics and Training Alliance. The group brings companies, government and law enforcement together in combatting international cybercrime.
Schneck also served as chair of the Information Security and Privacy Advisory Board of the National Institute of Standards and Technology. NIST is currently overseeing government and industry efforts to build out Obama's framework for protecting the nation's critical infrastructure against cyberattack.
Her new job will include establishing a way for private industry to comfortably share cyberattack information with government. Corporate concerns include potential lawsuits from customers or partners, while civil rights advocates have raised privacy concerns.
In addition, recent revelations of massive surveillance of Internet and telecommunications traffic by the National Security Agency (NSA) have bred tension between government and the private sector.
"The current state of affairs between the private industry and the government is very fragile right now from a cyber perspective," said Paul de Souza, founder and director of the Cyber Security Forum Initiative, a nonprofit group that advises the government on cyber warfare.
Schneck's success will depend on her ability to foster trust, de Souza said.
"As long as she relies on the whole-of-nation approach, we should make progress," de Souza said. "Industry needs trusted partners who can provide cyber situational awareness on a two-way street relationship."
Murray Jennex, an associate professor and expert in information systems security at San Diego State University, said he hoped that Schneck's academic background would help unite university and corporate security researchers, who often have different goals.
"National cybersecurity is a wicked problem that needs the creativity and innovation that a fusion of [private] practice and academia will provide in order to solve it," he said.
Schneck joins DHS at a time when the department is undergoing major changes. In September, Napolitano will leave to become the first woman president of the University of California system. Obama has not announced her replacement.
As of Aug. 12, at least 15 top positions across DHS are either vacant or filled temporarily, reports the magazine FCW, which focuses on the federal executive sector.
"She faces a slew of challenges at DHS from a management and organizational standpoint that everyone who previously held the position struggled to address," said Jacob Olcott, former counsel for U.S. Sen. Jay Rockefeller (D-WVa.). "Getting national cybersecurity policy right is almost easier than solving DHS bureaucracy."
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.