Posted by: David Schneier
Laws, Investigations and Ethics
The cybersecurity group at the Department of Homeland Security has had a hard time hanging onto its leaders, for various reasons, since the department started five years ago. DHS officials have tried a number of approaches in trying to find the right man for the job, going first to government veterans such as Howard Schmidt and Amit Yoran, who had both government and industry experience, and then landing on Greg Garcia, the current assistant secretary for cyber security and telecommunications, who was a lobbyist before he joined the department.
Now, with its recent appointment of Rod Beckstrom as director of the nascent National Cyber Security Center at DHS, officials are trying a completely different approach: bringing in someone with no security or government experience. Beckstrom is a serial entrepreneur who has founded a number of successful companies and also has written a book on leaderless organizations. All kidding about how his knowledge of leaderless organizations will serve him well at DHS aside, I think the DHS folks deserve a bit of credit for going outside the playbook and giving a shot to an outsider such as Beckstrom. His role will not necessarily be a technical one, as he was brought in specifically to encourage better communication and information-sharing among the various components of the federal government that handle cybersecurity.
Former officials who have worked in the National Cyber Security Division at DHS and those in the private sector who work with the department have consistently criticized DHS for its poor communication on security issues and lack of willingness to share intelligence on attacks and vulnerabilities. What can it hurt to try a different approach? The ones they’ve tried in the past clearly haven’t worked, so maybe a little new blood and some unconventional thinking will jump-start things.