

37 comment(s) - last by noxipoo.. on Jun 15 at 12:17 PM


Microsoft security chief Scott Charney is a leading candidate for the cybersecurity czar position, created by President Obama.  (Source: Microsoft)
President Obama will soon pick a candidate to lead our nation's cybersecurity efforts

Cybercrime, particularly attacks from foreign sources, is on the rise.  In the past month, many government systems and systems of government contractors have been penetrated by hackers from China or elsewhere.  Meanwhile, petty cybercrime also remains a problem, with malware, phishing, and botnets a lucrative business for some cyber-criminals.

Past exercises have shown the U.S. to have weak cyber-defenses, largely because of poor coordination between the organizations tasked with our government's security.  President George W. Bush and his successor President Barack Obama have set out to improve on this situation by allocating money to security and creating a new cybersecurity czar position to organize the fight.

Two leading candidates have emerged for this job.  The first is Scott Charney, head of Microsoft's cybersecurity division.  According to a source close to Mr. Charney, he says he won't take the job; however, the source believes that he would change his mind if pressed.  In the past, Mr. Charney led PricewaterhouseCoopers' cybercrime unit, and before that he worked for the Justice Department's computer crime section.

The leading alternative is Paul Kurtz.  Mr. Kurtz served on the National Security Council under both President Clinton and President Bush.  He was a member of President Obama's transition team leading the cybersecurity efforts.

There are also a handful of other candidates that stand a shot.  Rep. Tom Davis, a moderate Virginia Republican; Sun Microsystems executive Susan Landau; Maureen Baginski, a veteran of the National Security Agency and Federal Bureau of Investigation; Frank Kramer, an assistant defense secretary under Clinton; Melissa Hathaway, who led a cybersecurity review for the president; and James Lewis of the Center for Strategic and International Studies think tank, are all under consideration, says a source.

John Thompson, chairman of the board of Symantec Corp., who had previously been considered a front runner, turned the position down.

One thing that adds to the difficulty of the efforts is that the exact role of the job and its authority (and jurisdiction) remain undefined.

Some candidates have already begun to criticize each other.  Mr. Lewis struck out at the corporate candidates, commenting, "Some guy from industry is going to write a national security strategy? No, they aren't. You don't just pick this up.  You need somebody who knows the national security game, who knows government and who knows about the technology."



Comments

RE: Bad choices
By JasonMick (blog) on 6/12/2009 9:29:45 AM , Rating: 1
Actually, I would think someone from a successful corporate security firm or branch like Microsoft's security or Symantec (which has been better of late) would be a *good* choice. They know how to run a large organization efficiently, they should have a good view over the overall state of security. Better than a bureaucrat at least.

I do think it would make more sense to have two czars though, one for Windows systems (likely Charney) and one for Linux systems as the DoD and some other government branches extensively use Linux. I think Mr. Charney would be good for the latter job, but not as good as someone with dedicated experience in the Linux security industry (though many threats are on the app level these days anyways).


RE: Bad choices
By Screwballl on 6/12/2009 9:58:39 AM , Rating: 1
agreed....

"oh it runs linux? That's why that system is insecure, let's replace these 2 million computers with Windows"

They need someone who actually worked extensively in the security field but with at least SOME corporate leadership experience or training.
We need a trained professional, not some stiff in a suit that doesn't know the difference between TCP protocol and packet sniffing.


RE: Bad choices
By borowki2 on 6/12/2009 12:10:05 PM , Rating: 3
or

"Our most dangerous cyber-adversary is the European Union. Neelie Kroes is worse than Osama bin Laden."


RE: Bad choices
By callmeroy on 6/12/2009 12:47:11 PM , Rating: 4
This thread irks me - where do you folks get off that this MS guy is not skilled in cyber security? I read the article; it even stated he headed up a cybercrime unit at Pricewaterhouse and worked for the Justice Department as well in a similar capacity.

I think unless we have his full resume, including education history -- it's very cynical to jump to assumptions this guy knows nothing about computer security. My hunch is at his level NOW --- yes he probably isn't hands on as much being an exec, he delegates to others...but you don't no smart employer will give you the reins of an entire division (much less when it's about security) on a flimsy track record and sub-par resume.

My guess is this guy knows a GREAT deal more about computer security than any of us in this current thread do.....


RE: Bad choices
By mfed3 on 6/12/2009 10:01:19 AM , Rating: 2
I agree with your first comment, but I just wanted to make sure you knew the DoD definitely does NOT use Linux extensively. In fact they barely use it at all.

The DoD uses Windows almost exclusively, even on the server side. Linux is only really used for some embedded systems or for development servers for source control (ex: svn etc).

It was only recently that the DoD was even allowed to use Linux at all, since Windows was previously mandated as the only OS that was allowed to be used.


RE: Bad choices
By JasonMick (blog) on 6/12/2009 11:46:17 AM , Rating: 1
Tanks and fighting vehicles ran on Linux last I checked, and still do, to my knowledge.

Development machines used for hardware, software, and mechanical development of fighting vehicles and aircraft, both within the DoD and its contractors often run on Linux deployments.

I'd call that a major deployment. True most of the computers physically used by soldiers and officers (outside vehicles) are Windows, but the development systems are heavily Linux -- and that's a particularly critical portion of the IT infrastructure to protect.


RE: Bad choices
By Spuke on 6/12/2009 12:02:13 PM , Rating: 2
When I was in the military 12 years ago, all of our critical systems were Linux and Unix. We even had some Linux and Sun desktops.


RE: Bad choices
By theapparition on 6/15/2009 8:13:30 AM , Rating: 2
This issue here is two-fold.

What the OP was referring to was desktop, or standard computer use. And he was absolutely correct that most installations are on Windows.

The sector you are talking about falls into embedded computing. While aircraft systems may certainly run a very customized and stripped down version of *nix, external security threats to them are virtually non-existent since they don't offer the connectivity and interfaces that would necessitate a security threat.

So while technically a large deployment, your argument fails logic because those systems are generally isolated. The biggest security threat to those systems is from foreign entities gaining access to source code. However, once deployed, there is not much that can affect embedded software (if it's designed right).


RE: Bad choices
By stmok on 6/12/2009 3:48:01 PM , Rating: 2
quote:
I just wanted to make sure you knew the DoD definitely does NOT use Linux extensively. In fact they barely use it at all.


In 2005, the DoD bought a super computer for weapons design...It runs Linux.
=> http://www.defenseindustrydaily.com/dod-buys-2048-...


RE: Bad choices
By DigitalFreak on 6/12/2009 10:48:37 AM , Rating: 2
Someone from a successful corporate security firm - yes. From Microsoft or Symantec - hell no.


RE: Bad choices
By cnar77 on 6/12/2009 11:37:14 PM , Rating: 2
At this level the OS used is irrelevant. Government first needs to have unified standards across the board, proper staff training, policies, standards and procedures. A policy doesn't speak to the OS however procedures do as these are carried out by admins. Procedures would be designed in alignment with the standards created which are devised to meet the policy requirements. So no need for 2 persons in this role. But don't kid yourself in the business world this role is usually filled by a committee or board of directors. One man doesn't make the call.


RE: Bad choices
By SiliconAddict on 6/14/2009 3:21:02 PM , Rating: 2
Oh give me a break. Do you really think someone charged with securing our infrastructure would throw out the use of Linux because he previously worked for MS? I'm sorry but CIOs don't work that way. He would look at the role that needs to be filled and pick the best solution. Sometimes that would be Windows or a MS solution. Sometimes it would be Linux.


Copyright 2014 DailyTech LLC.