Wanted: NCSD Head

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.eweek.com/article2/0,3959,1191690,00.asp

By Dennis Fisher
July 14, 2003 

The government is looking for one good person: someone with years of
operational security experience with a solid track record of leading a
talented group of people performing vital, sensitive tasks for a
public-sector salary in complete anonymity.

The candidate must be willing to work long hours, be comfortable with
getting no credit for his or her successes and take a public thrashing
for the smallest failures. And do it all on a limited budget while
trying to get personnel from a half-dozen agencies to work together
and cooperate.

Interested parties should contact the Department of Homeland
Security's Information Analysis and Infrastructure Protection
directorate. Immediately.

Nearly six months after the DHS formally began operations, officials
are still searching for someone to head the department's
cyber-security operations. A nationwide search has turned up few real
candidates, and the prospects for the process coming to an end any
time soon are slim. The National Cyber Security Division is barely a
month old, but if a strong leader doesn't sign on soon, it runs the
risk of becoming an orphan within the massive DHS.

NCSD is designed to handle the government's incident response and
early-warning duties and includes personnel from a variety of
agencies, including the FBI, Federal Computer Incident Response
Center, Critical Infrastructure Assurance Office and National
Communications System. As those factions begin to work together,
they're naturally somewhat hampered by the lack of a permanent
department head giving them a clear sense of purpose and direction.

"The search is still ongoing for someone. These things take time,"  
said Bill Murray, a DHS spokesman, in Washington. "We're not rushing
to fill the position. We're looking for the right person."

Murray said he's not sure whether the department has narrowed its list
of candidates or is still casting a wide net.

Either way, the problem isn't a lack of qualified candidates—quite the
opposite, in fact. There are any number of people, in the government
and the private sector, who have all the requisite credentials and
skills to handle the job. However, none of them seems to be
interested.

When Richard Clarke, the former chairman of the President's Critical
Infrastructure Protection Board, decided to leave the government after
30 years, he said it was something he had planned to do for years.  
However, Clarke was known to be frustrated with the way the DHS was
being organized, particularly the fact that the cyber-security
division would be taking over the functions that the PCIPB handled. He
left for the lucrative speaking circuit rather than take a diminished
role inside DHS.

Clarke's right-hand man and successor, Howard Schmidt, was seen as a
natural for the DHS job. With a background in law enforcement and
information security, including a stint as the chief security officer
at Microsoft Corp., Schmidt knows his way around Washington as well as
Silicon Valley. Schmidt is considered one of the most respected and
level-headed security experts in the country, and his unique
experience would have been invaluable.

But, Schmidt quickly grew unhappy with the way DHS officials were
dragging their feet in setting up the NCSD. He left the government in
April for a job as chief security officer at eBay Inc.

A big part of the problem in finding someone to run the NCSD is that
the position is not a very senior one and is several layers down in
the department's hierarchy. The NCSD's head will report to Robert
Liscouski, the assistant secretary for infrastructure protection, who,
in turn, reports to Frank Libutti, the under secretary for information
analysis and infrastructure protection. That gives the NCSD chief no
meaningful access to the top decision makers in the White House or
other parts of the national security apparatus.

"Would I be interested? I haven't been asked. But I wouldn't take a
job without the authority," Mary Ann Davidson, chief security officer
at Oracle Corp., in Redwood City, Calif., said of the NCSD position.  
"Who you report to is important, especially in Washington."


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence 
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.