Cybersecurity: The Problem with Czars
On December 21st, 2009, the White House announced that friend and colleague Howard Schmidt had been appointed to the Executive Office of the President of the United States to serve as the “Cybersecurity Czar” for the Obama administration.
I find this personally interesting because a few people (only a few, not many) contacted me earlier this year and told me that I would be a great choice for this job and encouraged me to toss my hat into the ring. I declined for a number of reasons. One reason is that after consulting for the US government in cybersecurity for nearly 15 years, I am not interested in more government advisory work. The second reason is that this job is a political appointment for a politician, not an operational security or network person – and I am not interested in being in between Republican and Democratic politics (in the least) at this stage of my life. I served my country as a consultant (to the government) for nearly 15 years, including the USAF, the DOD, DISA, OSD NII and DOE. That is enough (for me); and I thank Howard for his willingness to serve in a political position that will have minimal effectiveness, but is necessary politically.
One of the main problems is that Czars are not very welcome in this world. Can you imagine the resistance if someone was called “Czar of the World” or even “Czar of the United States of America”? A person in this position would be in a terrible position to find cooperation because of the very negative political implications of the word “Czar”. “Czar of all Banking Services” might be politically acceptable; but a larger than life “Czarship” is an impossibly large territory to manage.
This is precisely the problem with a “Cyberspace Czar”. Cyberspace now encompasses nearly every aspect of modern life. Cyberspace is an immensely huge domain. It is as large as the air we breathe and the seas we depend on. Cyberspace continues to grow at geometric or exponentially expanding rates. Cyberspace is immensely, immensely huge. We don’t even know how big it is or yet have solid theories and tools to measure it.
I recently wrote a series of posts on some of the issues the USAF had when their commanders continued to expand the definition of cyberspace into something so huge and all powerful, it became bigger than life. In a nutshell, there are people who want to call almost everything that is man-made and uses electrons “Cyberspace” from the electric grid to laser weapons. There are conflicts-of-interest and overlapping territory from the military, intelligence agencies and other government agencies. There are conflicts-of-interest with retailers and government. The “territory of cyberspace” is simply too huge for a “czar.”
In other words, there can be no “Cyberspace Czar”, in practical terms, anymore than there is a “Space Czar” or a “US Czar” because the size of the domain we call Cyberspace is too enormous to manage. We have yet to accurately define it or come up with ways to measure it, much less manage it. Therefore, it is impossible to be effective as a Czar in such a large domain, even if you had 100% cooperation from everyone – and no political administration will ever get this cooperation.
I know Howard Schmidt personally. We have had dinner together in Bangkok on a number of occasions, we have been shopping together, and I have seen him speak in public. Howard is a wonderful man and a national treasure. The political position Howard has just accepted is perhaps the most politically difficult and ineffective position in IT security imaginable. This is not a position for effective leadership, it is a position “in name only” so politicians can have a check box that says “we have a cybersecurity czar now.” Box checked. Politics as usual.
I think the actual name of Howard’s appointment is “Cyber-Security Coordinator”, which sounds better that “Czar”, but it is not a position I would want. I sincerely congratulate Howard in accepting this position and thank him for serving our country. Having worked at top advisory positions for the USAF, DOD, DOE, OSD and DISA for a number of years, I know how ineffective and political things can be at this level.
I wish Howard the best in his new position.
Cyberspace and the domain of information is growing larger, day by day. Many scientists now believe that information is the core particles of our universe. How can there ever be a “Czar” of a domain so large it is rapidly becoming congruent with the term “Universe”?