Who Would Want To Be Obama's Cybersecurity Czar?

dasButcher writes "President Obama is expected to name a new cybersecurity czar sometime soon. This person will be charged with defending the digital boards from attack by hostile nation-states and terrorist organizations. But the question Larry Walsh asks is: Who really wants the job? The previous three people who held the post barely made a dent in solving the security problems. Government bureaucracy and private sector resistance make it nearly impossible to find any measure of meaningful success in this job, he writes." Reader eatcajun contributes a related link to the long-awaited US cyberspace policy review.

Stephen Conroy

[Gandalf_Greyhame]

We'll give you Stephen Conroy if you like.

Kevin Mitnick

[Tehrasha]

...nuff said.

Re:

[Anonymous Coward]

Bruce Schneier would love to do it, since he would be the center of attention. But since he know he'll never get picked he says we shouldn't have a cyber tzar.

hostile nation-states and terrorist organizations

[Jurily]

What about hostile countries that are not nation-states?

Re:

[thePowerOfGrayskull]

First post.

I do not think that phrase means what you think it means.

is that anything like a Secretary of the Internet?

[Xtifr]

Obligatory XKCD link [xkcd.com] (five part story).

The rights holders want it...

[icebike]

The copyright holders and their corrupt organizations may want it.

They use the position to make sure one looks too hard at the invasive digging into people's hard drives and network traffic.

Meanwhile they totally ignore any REAL threats and protection measures. (As can be seen by stories on Slashdot about data thefts left and right).

Spammers are the Cyberterrorists

[Anonymous Coward]

Whoever he picks, I hope they are technologically savvy enough to realize that all of the terrorists in the world won't be able to do one millionth of the damage that's already being done by spammers.

Re:

[Anonymous Coward]

You're a dumbass if you actually click those "opt-out" links. Just delete the damn email. When you get junk mail in your regular mail box you don't mail a letter back to the sender to tell them to stop sending you junk, do you? SUCKER!

RIAA Lawyers

[GigsVT]

Are there any RIAA lawyers left who don't yet have high level Obama positions?

I paid my taxes

[Wonko the Sane]

so I guess I am ineligible even if I wanted the job.

Re:I paid my taxes

[Wonko the Sane]

How sad is it when we start to talk about a presidential administration in those terms?

"Just think about all the hotels they didn't break in to."

"Don't worry, there are plenty of terrorists that received no weapons in exchange for hostages."

"At least he didn't let all of our soldiers get dragged through the streets of Mogadishu."

Bruce . . .

[PolygamousRanchKid]

. . . Schneier and Campbell . . .

. . . Schneier can lecture us on, "What is Cybersecurity?" . . . Campbell can cut 'em up with chainsaws, and blow their brains out with his shotgun.

How could we lose?

Re:

[Lord Kano]

My only thought for the position would be Bruce Schneier. I think he's not only competent, but trustworthy. Trust isn't the kind of thing that you can take for granted with government appointments. Regardless of how one may feel about an administration, you have to remember that there will always be another one that doesn't necessarily have your best interests at heart.

LK

lol cyberczar

[Anonymous Coward]

is the cyberczar going to declare a "WAR ON BLOGS"?

at least it pays well!

[nikosput]

Come on, you gotta know a job like this pays some serious bank. And in todays economy, that means a lot more then it used to. Sooooo...if anybody wants to hire me, you can find my resume online. (President Obama, are you reading this?) I posted it on my website: http://www.niksput.com/resume.html [niksput.com] Also you can email me: sdn@niksput.com [mailto]

Re:

[mokus000]

(President Obama, are you reading this?)

A /. reader for prez?
Ugh, if so I'm leaving the country _RIGHT_ _NOW_...

A no win situation

[AnalPerfume]

While corporate lobbyists dictate the infrastructure, it's gonna be a Windows backbone. Nobody can make that secure. While this situation remains, the position is a no win one.

Re:A no win situation

[thePowerOfGrayskull]

Oh, stop. A Windows "backbone" can be made just as secure by a competent admin as a *nix "backbone" can.

Re:A no win situation

[KahabutDieDrake]

I think you forgot to include the punchline.

Re:

[AnalPerfume]

Damn that was funny, if I had mod points or hadn't already commented on this article.

Re:

[thePowerOfGrayskull]

Well played.

Re:

[Ektanoor]

Really? I remember that Windows NT & Sons had a too classical and nearly eternal flaw, which did not give a chance for a guaranteed secure environment - the internal messaging between progs. I met it a few times and it was really painful.

Yes Vista & Sons probably have solved this. But after 15 years on Windows I didn't wait for them.

Besides, you don't make backbones on Windows or *nixes. Anyway you don't use *just* Windows or *nix
----

A backbone admin

Re:

[thePowerOfGrayskull]

Really? I remember that Windows NT & Sons had a too classical and nearly eternal flaw, which did not give a chance for a guaranteed secure environment - the internal messaging between progs. I met it a few times and it was really painful.

Indeed, every system has flaws - sometimes severe. I think the internal messaging weaknesses got corrected in the WIn2003 timeframe, IIRC.

Besides, you don't make backbones on Windows or *nixes. Anyway you don't use *just* Windows or *nix

Agreed, that's why I put it in quotes.

Re:A no win situation

[BlueParrot]

Oh, stop. A Windows "backbone" can be made just as secure by a competent admin as a *nix "backbone" can.

And you CAN attach wheels to your tower and CRT, hooking it up to lead acid battery and dragging it along behind you, but it is just so much easier to get a laptop...

Re:

[raddan]

It's pretty easy to make claims like this when there are, in fact, no Windows machines providing any core Internet services (BGP, DNS, etc). It's like dividing by zero, right?

Re:

[AnalPerfume]

It's getting rather predictable where the Windows proxies / astro turfers will use their mod points. To be fair to them though, Microsoft are cutting back on astro turfing budgets so those doing it have to be ruthless to ensure they are not the ones facing the unemployment lines. They are only doing their jobs, we don't take it personally when we laugh at their lack of integrity.

Re:

[thePowerOfGrayskull]

The funny thing about your post is that in another conversation here, I'm getting flamed as an anti-windows shill because I dared to complain about the holy child, Windows 7 ;)

Re:

[Daniel Dvorkin]

Some systems are inherently less insecure than others. I don't know why this is so hard to understand. Everyone gets that some chips are faster than others, some hard drives have more capacity than others, etc. But when it comes to operating systems and security, a lot of people continue to insist on an equality that clearly doesn't exist.

Re:

[thePowerOfGrayskull]

I never claimed otherwise. But my point is that stating (or implying) Windows is buggy and inherently insecure is as valid as is saying Linux is inherently hard to use. Both were true many years ago. More recently... not so much.

Re:

[janwedekind]

The impudence of this lie was so strong that it send ripples through space time causing momentary discomfort to a Linus Torvalds in a parallel universe deciding to go out for dinner instead of sending a post about developing an operating system kernel.

alt.cyberczar.recovery

[argent]

Results 1 - 10 of about 17,800 for sysadmin horror stories...

1. How do you convince the prez that he shouldn't download shonky software just because his Macbook isn't running Windows?

New military branch needed

[religious freak]

We don't need a "czar", we need a new military branch. I am not aware of ANY real and lasting contribution any "czar" has ever made in the United States. The first drug czars came close... if you call that a contribution, but from everything I've seen, they're basically PR and cheerleaders, and don't have much authority or get much done.

If we're serious... and I mean really serious... we need a branch of the military to do the heavy lifting. We don't need to start this in a big way, but we need the security infrastructure to build on should tensions begin rising with nation states. These guys would be the grunts doing the front line lifting and poking around while the NSA focuses it's talent on developing high level techniques. This is what we'd do if we got really serious.

In my view, the position of czar is a joke. Czars are for 19th century Russia and have no place in a modern United States government.

Re:

[Tigersmind]

You are right. A group of people trained properly is about the only way to do this. Thing is to really be effective they would have to operate with little to no oversight. Essentially a black-ops for a cyber war.

That idea makes me squirm. Bad enough so many groups try this already with current laws, I wouldn't want to give that much power to a unmanaged group of people. If you want effective though, that's the way. A Czar is a waste of time really.

Re:

[Jurily]

In my view, the position of czar is a joke. Czars are for 19th century Russia and have no place in a modern United States government.

I see this as a subtle move to start referencing absolute power. Napoleon called himself "First Consul", and then "Emperor of the French Republic" after seizing total control, for a long time, because the public was not ready to go back to monarchy.

Of course I'm just being paranoid again, and the voters have total control over the government.

Re:

[tehdaemon]

"Czars are for 19th century Russia and have no place in a modern United States government."

It is worse than that. Czar [wikipedia.org] is nothing more than the slavic/russian version of the word Caesar.

T

Re:

[BJ_Covert_Action]

...19th century Russia and ...United States government.

I'm sorry, but with the way things are going, what exactly do you perceive the difference to be? (Politically that is, we all know there is such a thing as nuclear___ now).

Re:

[Ektanoor]

A military branch to fight crime? While I agree th US doesn't need a "czar" and even agree with your arguments, your alternative is not brighter.

Crime shall no be fought by the military in any possible way. First they will shoot and then... They will not give themselves the question "whom are we shooting at"! They will keep shooting until the field is flat.

Second, a military environment is always preemable to crime. BTW, I have already had to deal with such a case on Internet: military+cybergangs. If you wa

Re:

[Artifakt]

As a person who once held a Military Intelligence slot, I want to point out some things. Properly done, MI is all about capabilities, not intentions. That is, MI when it's working right will tell you if a possible enemy has artillery with a 55 mile range or not. Mi done right won't speculate whether the enemy has the intention of aiming it at an adjacent capital city unless the owner announces it, or at least positions it so there are no other targets that would make any sense.
I

Re:

[Ektanoor]

As someone who had a face to face with Military Intelligence I would concord with your words on MI but I would note you that the question is not capability but crime. Crime is not capability. It is a process which, at least, degradates the very frame of society in every level and form.

If we have a crime gang going wild, we need to track not only their capabilities but also their relations motives and modus vivendi. And note, I am writing "capabilities" in plural. Now how in MI conditions can you give a solu

Re:New military branch needed, not so much

[aoeu]

NSA?

Re:

[KarmaRundi]

These positions are never officially called czars. That's just a name the media gives them.

Re:

[stephanruby]

This problem needs to be addressed from the bottom-up, not from the top-down. We don't need a "Czar", we don't need a branch of the military, we need someone more like the "Surgeon General" (and even that title sounds too military).

We need someone who explains and educates us, not someone who barks orders at us. We need to look at computer security as a public health issue. People need to be taught about basic computer hygiene (just like we were taught about normal body and sanitary hygiene after finding o

Re:

[bzipitidoo]

I'd start by providing the means. Education is great, but we must be practical. Doesn't do any good to talk about security or order it tightened when there isn't any approved way to do it, or there are ways but no one knows it or is allowed to use it because they're all top secrets.

It's very easy to get mired in security theater. If the Czar can just keep the politics to a minimum that would be huge. "It's a national secret" is routinely abused to cover up problems. And to keep business rivals and co

Re:

[Monsuco]

If we're serious... and I mean really serious... we need a branch of the military to do the heavy lifting. We don't need to start this in a big way, but we need the security infrastructure to build on should tensions begin rising with nation states. These guys would be the grunts doing the front line lifting and poking around while the NSA focuses it's talent on developing high level techniques. This is what we'd do if we got really serious.

The NSA could likely be extended to cover both ends of security (both defence against hacking and offence in the sense of monitoring enemies.)

Czar fetish

[flyingfsck]

What is up with this American love affair with old Russian titles?

Re:

[BJ_Covert_Action]

Well, you see, we all have fond memories of playing with mamushka dolls when we were little and...I mean...come on... who honestly doesn't love those things?

Re:

[BJ_Covert_Action]

Interestingly, and on a completely unrelated note, Rule 34 [xkcd.com] curiosity led me to google image search "mamushka porn" right after posting this comic and on the second page of results the movie boxes for "Dumb and Dumber" were displayed....I love the internet.

Re:

[Ektanoor]

Simple buddy... Czar is synonim to Samoderzhec, something like "the power in himself by himself". Much like the "L'Etat c'est moi..."

Re:

[gmuslera]

They are setting the ground to make people accept the next change, a very big one. Be ready to see lots of posts titled "In Soviet America..."

Re:

[Quiet_Desperation]

Fetish? Nonsense. You're just imagining things, comrade.

ME!

[iamhigh]

But only because I am sure it would look pretty bad ass on my resume. I am sure with that on there I would be able to get a job somewhere, pretty much forever.

The difference

[bonch]

The difference this time is that Obama is a Democrat, so the media will ignore the czar's complete ineffectiveness and never criticize anything he or she does.

Re:

[MrMista_B]

Heh, I take it you don't watch American news, at least you haven't at any time during the past ten years. Remember the American invasion of Iraq? The destruction of Katrina?

Etc. - my point being that, during that time, pretty much everyone in the Bush presidency got a free ride. The media basically said 'aww shucks, wull I guess he just gosh darned tried his best, and that's what counts, right?'

In contrast, the scrutinty and out-for-blood nature of most of the news coverage of the Obama campaign since it be

Re:

[Artifakt]

I don't think you can claim fairly that the Bush administration got a free ride the whole ten years - the first few after Sept 11th, maybe, but not nearly so much by Katrina.
However, when the Governor of Illinois recently got into trouble, CNN and NBC (both part of what Fox calls the liberal media), ran pieces on it. They both printed a quote from a phone conversation involving the perp, where he essentially said 'Obama's whole staff were Boy-scouts. When he tried to hit

Re:

[Daniel Dvorkin]

The difference this time is that Obama is a Democrat, so the media will ignore the czar's complete ineffectiveness and never criticize anything he or she does.

You're not just trolling, are you? You actually believe that. Dear God.

Have you actually read a newspaper, or watched a TV news program, or listened to a radio news show, at any point during Obama's administration? Or during the Clinton administration? Or during the Carter administration, assuming you're old enough to remember that? Ever?

I'd Take the job

[TiggertheMad]

Here is why you would want it: You have the ear of the president of the USA. You get to put down on your resume that you were the cyber-security czar.

Yeah, the very idea that a cyber-security czar has any control over US cyber-security is truly silly, but who knows. Your suggestions might get a few positive changes to be made, and in the event of a catastrophic cyber-security catastrophic event (like, terrorists flying virtual 747s into the virtual world trade center in Microsoft's flight simulator...)

I nominate BOFH

[linzeal]

I am sure he will find away around this so called bureaucracy of yours as he has been doing quite well for himself in the private sector [wikipedia.org].

Of course with the new job comes new nomenclature, I present to you ladies and gentlemen the BCCFH (The bastard cybersecucurity czar from hell) and don't worry about assigning him any more power than a normal UNIX sysadmin, he'll get the job done.

I pay my taxes every year,

[argStyopa]

...so clearly I'm not qualified to be on Obama's cabinet.

I vote for Kevin Mitnick

[Ouchie]

In this type of political postion reputation and personality are as important as your knowledge. Kevin has shown in his legal employment history an aptitude to address cyber security in a way that draws the necessary attention to the issue. His crimial history gives him the legitimacy with both sides of the issue.

Re:

[mistahkurtz]

condor, is that you?

Bill Gates, of course

[xednieht]

Arguably, few have had more experience dealing with gaping software security vulnerabilities than the big kahuna himself.

Enough with the Czars

[assertation]

I think Regan was the one who started giving government officials the the nickname of the "The _______ Czar". In every case the problem assigned to the Czar never went away and often got worse. You would think that term would fall out of use. You want to guarantee a problem will not go away? Appoint a Czar to oversee it.

Morrison!

[Ektanoor]

Mitnick is a great guy. But he is too specific on creating a mess. Besides, too private and he seems even shy...

Go for Morrison... He knows how to make a real worldwide mess out of Internet.

The answer is obvious

[mqduck]

Cowboy Neal.

Doesn't sound so bad actually...

[iamdrscience]

I'd take this job in a second. The position has a track record of failure and thus, expectations are low. This is exactly the kind of job I'm looking for. If you succeed, you're a miracle worker, if you fail, nobody blames you, either way it's not bad. It looks even better when you add in the fact that the pay is good and you have an awesome title. I mean c'mon, you'd be a freaking czar, how many people can legitimately put "Czar" on their resume?

Re:Doesn't sound so bad actually...

[ColdWetDog]

In old country, we shoot Czars. Not to be wanting this, I think.

Re:

[drinkypoo]

Absolutely! You have a lot of press conferences where you announce all the solutions that you know will never be accepted, then it's never your fault. You crow about all your 'victories' (anything you can reasonably take any credit for) and make some sneaky deals to get yourself a CIOship when you leave. S.O.P.

Sounds like a challenge

[PacketScan]

I'll do it

I'd take the Job!

[gyrogeerloose]

Of course, I'm not qualified but we're talking about the U.S. government here so since when would that matter?

Private Sector

[chrispycreeme]

I'm a huge fan of this administration but in this particular case I think the private sector could do a much better job protecting against threats than any Czar. Besides, I hate anyone who's title has a C followed by a Z in it, that's just not right. Drop the "c" or just say: "KaZaar!".

Me me me

[buchner.johannes]

There will be lolcats all over the place, I promise! ;-)

How Much Does it Pay?

[florescent_beige]

EOM

Who wants the job?

[wowbagger]

Who wants the job? Perhaps somebody who wants to have power, without all that pesky "running for office and actually being elected by the people" stuff. Somebody who wants to make rules about how everybody is to run their computers, without all that pesky "being responsible for what goes wrong" stuff.

Stallman

[gmuslera]

Would love to see him in a fake photo with Czar clothes. Maybe he goes forward to the czar role, pushes us to the open source communism and Ballmer starts calling him Stalinman.

I'd like to be but...

[Anonymous Coward]

but I'm an employed white male who wouldn't base my decisions on my perceptions of social injustice brought about by my situation.

There's only one man for the job

[Alzheimers]

The man who's name is synonymous with Security: Peter Norton [wikipedia.org]

How I Would Do It

[Bob9113]

Here's my quick, from the hip view on how to maximize the probability of a successful outcome:

Cybersecurity is focused on maintaining control of systems and networks. Cyber-warfighting is a valuable source for understanding potential threats, but it is not the objective of the cybersecurity committee to advance the state-of-the-art of cyber-warfighting.

To advance the ability of the citizens and organizations of the United States to retain control of their information systems, an elite task-force will be for

Re:

[robinjo]

So, you assemble a group of people from different big companies and vastly different backgrounds and expect them to do a good job, think critically and be unanimous? Are you really serious?

If you bring together a big enough group of experts, they seldom are unanimous. Add the outside influence from the big companies and you'd have a recipe for failure.

The group would avoid changing anything big as it would only lead to conflicts. After a while the brightest people would get frustrated and leave. After addin

Re:

[Bob9113]

If you bring together a big enough group of experts, they seldom are unanimous.

I only suggested an 11-person committee. But that is the less important point.

In politics, religion, and art, I agree completely. In science, I do not.

Perhaps they could not agree on the finest nuance, but they could agree on the color of the carpeting in the room they are in.

From there, they can move to "Should encryption be employed when transmitting sensitive data over the Internet?"

Then "Is AES-256, if implemented perfectly,

Re:

[MRe_nl]

Jonathan James, Adrian Lam, Kevin Mitnick, Kevin Poulsen, Robert Tappan Morris.

Re:

[Bob9113]

Jonathan James, Adrian Lam, Kevin Mitnick, Kevin Poulsen, Robert Tappan Morris.

Those guys should be on the cyber-warfighting committee. And should play war games against the cybersecurity team.

Eh.

[SphericalCrusher]

For something like this, I honestly don't like the idea of having one person behind it. What happens if he's murdered? I mean, if a group of professions honestly want to hack the U.S.... the poor son of a bitch who is the "Cyber Czar" is going to take a hit. Rather physical, such as being sniped or just having his shit hacked... he will be knocked out of the way.

It's a political, leadership role

[cheros]

For this job you need someone who has political savvy and can indeed show leadership coupled with diplomacy - and on top of that he needs to have at least a degree of technical competence to ensure someone isn't telling him lots of guff.

If I wasn't non US I'd be interested as I've done this a few times before. I built the fundamentals on a large government work when nobody was interested in collaboration, and I did international interoperability where the group I worked with was talked with making it happe

I nominate...

[Quiet_Desperation]

...Leo Laporte!

He'll show them crackers what for!

Have a real one!

[FilatovEV]

Why to have a cybersecurity Czar? Better have a real one. The American Czar will establish an Empire, and it's a kewl thing. People think that a Czar is Undemocratic, but when you have a Czar it's he who would decide what is Democratic. In America, every Citizen would have a right to be the Czar, but the only Czar would be Obama, because it's Democratic.

Were the job not limited to just security?

[TigerPlish]

If the job wasn't limited to security, I'd say Wozniak.

If the job is limited to security, all they'll need is an ineffectual mid-grade bulletstopper. This will make it a true government operation. Same as it ever was and all that.

ME

[stanjam]

I'll do it, no problems.

Not really...

[artor3]

These "czars" aren't new super-powerful positions being created by facists. They consist of pre-existing positions that have been given a catchy new title (drug czar instead of "head of the drug enforcement agency") and advisory roles (terrorism czar).

The former already existed. You can't complain about there being a drug czar unless you believe that the DEA has too much power. Of course, they probably do... but that predates the nomenclature used for their leader. The so-called "war on drugs" (which Obama's drug czar want to stop) began a couple decades before that term came into use.

The latter is simply an advisor to the president. They have no powers that the office of the president does not, nor can they overrule the president in any instance. The president would be taking advice from them anyway. All the title does is recognize that he's taking their advice.

I know there are a lot of libertarians/anarchists on /., and that's why the "czar" thing always gets pointed at as proof that the *insert currently leading political party here* are a bunch of fascists. But when you actually look at what the "czars" do, you quickly realize that it's entirely in keeping with our democratic republic.

Re:

[longacre]

Obama HAS created new super-powerful positions, for example the new "Assistant to the President for Energy and Climate Change," aka the Environment Czar, to which he appointed Al Gore buddy Carol Browner. Never in White House history have cabinet members reported to a czar, but today the Secretaries of Energy and Interior, and the EPA Administrator don't report to the President but to a private citizen who has never been vetted by the Senate.

Re:Not really...

[Pinky's Brain]

They don't have any of the constitutional powers of cabinet member, why would they have to be vetted by the senate? The president has the constitutional right to chose how, when or if at all to listen to cabinet members. In the end it's merely a slightly higher profile presidential aide.

Re:

[apenzott]

I second this motion.

He has the gumption to challenge security by (proprietary) obscurity.

With his hands-on experience with DARPA, he knows how it is broken and what needs fixing.
http://en.wikipedia.org/wiki/Theo_de_Raadt#DARPA_funding_cancellation [wikipedia.org]