Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.
“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.
Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.
His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it.
Schmidt’s official title is cyber-security coordinator at the White House, a job he took over just before Christmas. Schmidt has no budgetary authority, but he said that doesn’t make him powerless, because his office is in the White House. He’s been there before as an adviser to President George W. Bush, and he’s been the president and board member of countless security associations.
One of his first moves in his new job was to publish an unclassified summary of the country’s 12-point cybersecurity plan, known as the Comprehensive National Cybersecurity Initiative, a move toward transparency that he announced Monday as the keynote speaker at the world’s premier security conference.
That plan was first formulated under a veil of secrecy in January 2008 by President Bush. He was prompted in no small part by McConnell, who was director of national intelligence and reportedly convinced the president that a cyberattack could cause more economic damage to the United States than the 9/11 terrorist attacks.
Much of the authority and the funds under that initiative fell to the National Security Agency, the military’s premier spying agency that also has responsibility for locking down the government’s classified networks. Not surprisingly, McConnell, as DNI, held power over the NSA.
McConnell rejoined Booz Allen Hamilton, a defense contractor who made more than $4 billion in 2008, mostly in government contracts, including secret ones. A former NSA director, McConnell now servers as the vice president for national security business at Booz Allen Hamilton. It was recently acquired by the powerful and politically connected Carlyle Group, the world’s largest private equity whose advisers and board members have included George Bush, George W. Bush, James Baker and former SEC chief Arthur Levitt.
In an op-ed in the Washington Post last weekend, McConnell called for a re-engineering of the internet and a return to a Cold War mentality of deterrence, based on the threat that the United States would massively retaliate against any perceived attack.
Threat Level rebutted that notion Monday, in a post that called McConnell the greatest threat to the internet.
For his part, Schmidt said no re-engineering of the internet is in the plans under the Obama administration. And he re-emphasized the president’s promise — delivered in a May speech addressing cybersecurity — that the government would not monitor the internet at large.
But that commitment to keep the government’s monitoring equipment out of the commercial internet seems belied by a CNET interview at RSA with a Homeland Security cybersecurity official, who said that DHS was considering installing its classified
Cyberwar advocates make their case for this in part by pointing to high-profile stories that hackers have penetrated the grid and, in some cases, caused massive blackouts including the 2003 cascading failure in the Northeast that affected some 50 million citizens. Those stories (on 60 Minutes, in the Wall Street Journal and the National Journal), relied nearly exclusively on anonymous defense intelligence officials or contractors, and are often easily debunked.
Schmidt said it’s possible that hackers have gotten into administrative computer systems of utility companies, but says those aren’t linked to the equipment controlling the grid, at least not in developed countries. He’s never heard that the grid itself has been hacked.
“As for getting into the power grid, I can’t see that that’s realistic,” Schmidt said.
There’s been much ink spilled in recent years over the turf battles in D.C. over whether the NSA (representing the military) or DHS (on the civilian side) takes the lead role in cybersecurity.
Rod Beckstrom, now the president of the International Corporation for Assigned Names and Numbers, resigned from his role heading cybersecurity for DHS last spring. He protested that the NSA was encroaching too far, and that the job of protecting non-military government websites should be handled by civilians — especially as the government pushes citizens to use those websites for more and more business.
But Schmidt said he hasn’t run into that problem and said government agencies are working together.
“I haven’t seen that tension,” Schmidt said.
As for which will take the cybersecurity lead, Schmidt simply says it’s a shared effort.
But that’s a very thorny issue — one that has dogged the government’s intrusion protection system Einstein and its successors, Einstein 2 and 3.
Why should U.S. citizens trust cybersecurity to the NSA? Under President Bush, it secretly turned its powerful spying apparatus inward in violation of U.S. law and its longstanding mantra to never spy on citizens.
Schmidt counters that the NSA has long had the job of protecting classified computers and has already become a participant in the wider security community. Among other things, it offers advice on how to secure computer systems, such as Linux and Windows. And more important, Schmidt said, the president maintains the NSA has to obey limits.
As for his priorities, Schmidt says education, information sharing and better defense systems rank high.
That includes efforts to train more security professionals and have the government share more information with the private sector — including the NSA’s defensive side.
The government must also be active in reducing its own vulnerabilities, according to Schmidt.
Schmidt, who has held cybersecurity positions inside the Air Force, the FBI and Microsoft, mentioned he’s part of a Facebook group of Wired magazine collectors. The oldest one he has, he said, had co-founder of the Electronic Frontier Foundation John Perry Barlow on the cover. Though the irascible Barlow never made the cover (other than a mock-up of the first edition), Schmidt could have been referring to Issue 2.04 which included a promo for an essay from Barlow.
Fittingly, that essay - about the failed effort to mandate government-accessible backdoors in encryption technology, was titled “Jackboots on the Infobahn.”
Photo: Howard Schmidt in a lonely RSA conference room Wednesday March 3. Credit: John Snyder/Wired.com