Obama Must Move on Cybersecurity Coordinator

It’s been more than a month since President Obama announced an aggressive plan to defend the Internet with a new cybersecurity coordinator directing the battle from the West Wing of The White House. At the time, I wrote that Obama was moving in the right direction. Since then, much has happened.

Most notably, as my colleague Robert McMillan has reported, a botnet of about 50,000 infected computers has been waging a war against U.S. government websites and causing headaches for businesses in the U.S. and South Korea.

“The attack started Saturday, and security experts have credited it with knocking the U.S. Federal Trade Commission’s (FTC’s) Web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT),” McMillan wrote, offering this quote from an unnamed DOT spokeswoman: “The DOT has been experiencing network incidents since this past weekend. We are working with the U.S. Computer Emergency Readiness Team [US-CERT] at this time.”

Meanwhile, a South Korean researcher investigating the attacks has uncovered a sizable hit list of sites in and out of government, including some high-profile targets in the banking sector.

We all want Obama to be as thorough as possible in selecting a new cybersecurity coordinator. In recent years, we’ve seen cybersecurity czars come and go, often leaving in frustration over the rusty gears of progress at the Department of Homeland Security (DHS), where they were based. [See also: DHS and Cybersecurity: Yes, No, Maybe So?]

We want a person in the White House who is in it for the long haul — someone who will command the respect of the National Security Council, Congress and the private sector. That no doubt requires a rigorous vetting process.

It’s also a pretty sure bet that people have been approached about the job and declined.

But in the final analysis, we’re running out of time.

Malware continues on its relentless march. Kaspersky Lab, for example, says the Koobface worm is infecting machines at an astounding rate, and security researchers continue to lose sleep over the number of systems infected with the Conficker malware.

Meantime, attackers continue to go after vulnerable Microsoft programs. For the second time in six weeks, for example, Microsoft has had to confirm attacks exploiting an unpatched bug in DirectX, this time by attacking Internet Explorer (IE).

There’s simply too much going on for the position to remain vacant any longer. The more time passes, the more the bad guys are going to think the push launched from the White House East Room in June was nothing more than another dog-and-pony show with no muscle attached.

Naming the new coordinator sooner rather than later won’t put an end to the attacks of recent days. But it WILL put the bad guys on notice that this time, the Commander-In-Chief is indeed serious about cracking down.

Bill Brenner is a senior editor for CSOonline.com. He welcomes your feedback in the comment section of this column and via e-mail at bbrenner@cxo.com.