Photo: Hermitage Museum
Cyber Security Czar
Mike Gillespie, director at Advent IM, believes he sees command and control problems looming already following President Obama's announcement that he intends to appoint a Cyber Security Czar
Whilst the Cyber Security Czar title sounds altogether very impressive, I can see a problem looming already; one of command and control over this appointment. It can do no harm to position an individual with direct access to the President who can quantify levels of threat and explain potential counter-measures to combat them. However, in the case of the previous incumbent, I don't think he held his position for very long. The cause of his departure is unknown, but he was very well respected in the IT security sector; therefore, it questions whether he found the position to be purely political, or found lack of co-operation with government departments and commercial organisations to be too difficult?
In principle, any communication back to a President or governmental figure about security from an International or National perspective, down to commercial and residential environment is appropriate, however it is probably more important to address how that information is handled, interpreted and or analysed and taken action against. It would be easy for misinterpretation, so the information put forward needs to be delivered unbiased and decided upon with an agreed treatment of consideration by a collective team rather than one cyber 'geek'.
The pitfalls are of course the temptation for the US to go it alone and clamp down the cyber space as and when it feels appropriate without the international perspective or intelligence. This will extend the reach of the US in support of the Global War on Terrorism but who will dictate the balance between this and the economic drivers? If the Czar isn't careful he will become torn in numerous directions and achieve very little. Either way, cooperation with National agencies, government departments and commercial organisations will be a key factor, however competing with other departments vying for political recognition may also impede progress.
As for the UK or other territories adopting such a figure, it makes sense for each country to have a similar provision and in fact we do in the UK, already have a similar function within our security services. This however, is by no means overt enough and nor is it as directly linked as it needs to be with the economy.
Back in 2005, Lord Toby Harris of Haringey in fact called for the appointment of a government cyber security Czar and for legislation to change the role of the NISCC from providing information security advice to setting and enforcing information security standards. Whilst changes did occur with regard to the role of NISCC (now the Centre for the Protection of National Infrastructure (CPNI)), as far as we are aware a Czar was never appointed.
If such a person or role is to be appointed, the decision needs be made as to whether this figure should be a military person, or whether the Czar concept should encompass two people; one responsible for National Security and the other an economist. Fused together, they could really provide educated and rationalised insight and advise government accordingly as to the best preventative measures to take, to mitigate cyber threats.
The Conservative Party has already stated its position claiming it believes there is a need for a minister for cybersecurity, in a bid to fight the increase in e-crime and raise awareness in Westminster. Whether a National Security representative would be part of the plan remains to be seen.
I believe this concept of adopting a security Czar at the highest level of government will in essence work well for the US. However, on a larger scale its real success will be when and if other countries do something similar, as cyber threat knows no boundaries.
