The cyber-man with Obama's ear

Howard Schmidt is the White House's new cyber-security coordinator. In this role, Schmidt serves on the President’s economic council and National Security staff with direct access to the President looking to coordinate a national approach to cyber security issues. Schmidt was previously the president and CEO of the Information Security Forum and has spent the past 40 years in key government and industry positions.

A major plank of his work will be looking at the security implications of the wider move to Cloud Computing in the US federal government sector. “I’m a big proponent of moving thing to the Cloud, but moving it right,” he says. “I think we have tremendous economic benefits in doing so, but we have to make sure that we do it where we have specific agreements from a legal perspective on what it is that we’re putting [in the Cloud], where it’s going to be, what are the authentication mechanisms, all the technical controls around it, as well as the international legal control.

“The President has been clear in designating me his lead officer for government cybersecurity,” explains Schmidt of his new role. “There is a direct linkage to the national security staff as well as the National Economic Council” that will help balance the needs of security as well as the economy.”

No absolutes

Among the primary objectives he identifies for his new role are the need to update the strategy to secure the government’s networks, create public awareness of cybersecurity and develop an organised and unified incident response capability that would include the private sector as well as government.

“There are no absolutes. We will never have 100% security and still have an open society,” he warns. “I get asked this question all the time: are we more secure now than we were last year? Absolutely. We got newer versions of software from the browser community. We got many choices out there now. They pay a lot of attention to the vulnerabilities, and fix them quickly.”

“The federal government is the reality I have to deal with,” he says, but adds that the private sector, which owns and operates the majority of critical infrastructure needs to be factored in.

He's also quick to put realistic expectations into the public domain about security. “While we can’t stop the threat players out there, while we can only do so much to reduce vulnerabilities, we can take the step to make sure that we have steps in place to recover quickly from some of the things we might have to face someday,” he said.

He adds that he is conscious of the need for cybersecurity awareness not to trample on privacy and civil liberties. "The thing I think should never be lost in our discussion is the discussion about privacy," he says. "I've said for a long time privacy and security are two sides of the same coin. Very clearly, without security, we have no privacy. Data protection is key to the things we're going to do. As I was going through and discussing with leadership coming into this position, I always made sure we had a discussion about privacy.

"We have teams actually going through that data making sure the privacy protections are in place and making sure we are as open as possible," he says. "It's going to be dynamic. Every data set we look at as government and every data set we generate will require someone looking at it with a critical eye, making some tough calls on it and having a dialogue in weighting the two pieces of it. We would never want to wind up putting us in a bad position from an international terrorist perspective or some bad actor out there using the data against the people or government itself."