Slashdot Mirror


Bush Names New Cyber Security Czar

goombah99 writes "The Washington Post reports that Cybersecurity "czar" Richard Clarke has confirmed widespread reports that he is leaving the White House, to be replaced by former Microsoft security chief Howard Schmidt. He was also part of the Air Force's 'Computer Crime and Information Warfare division'. In related news, the National Strategy to Secure Cyberspace has received Bush's signature and will be released to the public in the next few weeks. Clarke's blunt statements on the need to avoid erosion of privacy rights are rumored to have rubbed the administration the wrong way, prompting his exit. Anyone know how Schmidt will view the relative security of closed versus open source?" Nothing says "Security" better to me than "Former Microsoft Security Chief".

6 of 259 comments

  1. Re:And tonight... by ichimunki · · Score: 5, Informative

    For those of you not reading the article, it is important to note that Schmidt is already Clarke's deputy. It's not like he's being drafted straight out of Microsoft and into this top post. Besides, do we really think they'd accidentally get someone who was an independent thinker in there if they could help it?

    --
    I do not have a signature
  2. Nope he was in charge of trusted computing by goombah99 · · Score: 3, Informative
    After reading what I thought was an insightful clarification I did some more digging, and now I have to disagree with you.

    According to the Schmidt bio: Prior to joining..., Mr. Schmidt was the Chief Security Officer for Microsoft Corporation, Redmond, WA. While there, he oversaw the Security Strategies group, insuring the development of a trusted computing environment via auditing, policy, best practices and incubation of security products and practices.

    This does not sound like network security per se to me.

    We all tend to be guilty of going-with-what-we-know. So his past is relevant to guessing his future policy. Thus his involvement with Microsoft and aspects of trusted computing are troubling. Another statement from his bio that I'd like to know more about is

    Mr. Schmidt ....has been instrumental in the creation of public/private partnerships and information sharing initiatives

    What sort of information sharing? Sharing as in the TIA's notion of it? Or sharing as government databases need better integration? Given his FBI and Air Force 'crime information warfare' background it is probably safe to assume that he would see lack of integration as an impediment to law enforcement and would like better sharing of confidential data amongst law enforcement. Not an entirely bad idea if safeguarded and until it reaches the TIA sort of level.

    Other than second guessing what I expect will be the promotion of policy I won't like, the remainder of his bio plainly says he is technically qualified for both the technical, political, managerial, and policy aspects of cyber security. Few people would be as qualified to administrate the office. I think I would just feel better if he were the deputy and someone else was setting policy.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  3. Howard Schmidt's Biography by Reziac · · Score: 4, Informative
    excerpted from Howard Schmidt's Biography

    *****
    Before joining Microsoft, he was a Supervisory Special Agent, Director of the Air Force Office of Special Investigations, Computer Forensic Lab and Computer Crime and Information Warfare. (HQ AFOSI/CCI). Under his direction he established the first dedicated computer forensic lab in the government. The AF specialized in conducting investigations into intrusions in government/military systems by unauthorized persons in counter intelligence and criminal investigations.

    Before AFOSI he was with the FBI at the National Drug Intelligence Center (NDIC) where he headed the Computer Exploitation Team as a Computer Forensic Specialist. As one of the early pioneers in the field of computer forensics and computer evidence collection, he continues to provide training support to an international audience dealing with the new challenges around computer evidence collection and processing.

    He was a City police officer from 1983-1994 with the city of Chandler Police Dept. Arizona. He served on the SWAT team, organized crime and narcotics investigations and field sergeant. While there he was detailed to the FBI academy teaching classes in the use of computers in criminal investigations for approximately 2 years.

    Howard has over 31 years public service having served with the US Air Force in various roles from 1967-1983 both active duty and in the civil service. He has served in the military reserves since 1989 and currently serves as a Credentialed Special Agent, US Army Reserves, Criminal Investigation Division (CID). He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet activity.

    He holds a Bachelors Degree in Business Administration, (BSBA) and a Master of Arts in Organizational Management (MAOM). He also has a Technician class Ham Radio License, and a Single Engine Land pilots license.
    ******

    Hey folks, remember before you kneejerk -- there are more types of security than what programmers think of when they hear the term.

    --
    ~REZ~ #43301. Who'd fake being me anyway?
  4. Schmidt Slammed sysadmins For Slammer SQL Virus by theodp · · Score: 2, Informative

    According to this story, '...the attack "was 100% preventable." This view was shared by Howard Schmidt, cyber security adviser to US President George W. Bush, who on Monday suggested that six months was more than enough time for systems administrators to plug the hole.'

  5. Re:When was the last time microsoft.com was cracke by Melantha_Bacchae · · Score: 2, Informative

    The last time Microsoft's networks were attacked was the recent attack of the Slammer worm. It seems they didn't patch all their SQL servers.

    This website lists 23 defacements of Microsoft web sites since the beginning of 1999.

    One of the most embarrassing attacks was in 2000 when Russian crackers got into the servers that housed Microsoft's source code and waltzed around in there for up to three months!

    Microsoft uses their own products, and thus are subject to the same security holes as their customers. Their network security and the insecurity of their products are pretty much one and the same: a joke. Anyone in charge of Microsoft's non-security has no business being the deputy, let alone the man in charge, of our nation's computer security.

    But then, this isn't an issue of ability. As the article makes clear, the qualifications for the job are more about agreeing with the president than about securing anything.

    "At this moment, it has control of systems all over the world. And...we can't do a damn thing to stop it."
    Miyasaka, "Godzilla 2000 Millennium" (Japanese version)

  6. Re:This may be nitpicking but... by GreyPoopon · · Score: 3, Informative
    If you don't think it's reasonable to evaluate his past performance, what do you think IS a reasonable way to evaluate him?

    That was my last point -- we don't have a reasonable way to evaluate him.

    To be perfectly fair, we'd need to see his job description at Microsoft and compare that to what Microsoft did in the years he was there.

    Agreed. We'd also need to see all of the decisions he made, whether they were carried out or not.

    To me, that means that security issues stop at his door, and blaming the windows codebase or the CEO is a smokescreen - it's his job to make the product secure.

    Agreed, but I'm sure you're also aware that in a corporation, it rarely works this way. I guess you could say that it may shed some light on his inability to build a compelling argument for the CEO, but my guess is that the financial aspect is always speaking in a louder voice.

    If he can't convince the CEO that's important, then what makes you think he can convince Bush about anything important?

    Absolutely nothing. I think there's hardly anyone who would be able to convince Bush of something he didn't want to hear anyway.

    I read the article about his departure from MS, it was full of the normal corporate bullshit.

    Just as I suspected.

    which is probably politically wise, but still something I'd check off against him.

    Isn't it funny how traits that are politically good and are what allow people to obtain and keep positions are the same traits that prevent someone from truly being of good character? It's a real shame. I often wonder what our government would be like if only the most honest and forthright were involved. Afterwards, I usually wake up from falling out of bed. :-)

    --

    GreyPoopon
    --
    Why is it I can write insightful comments but can't come up with a clever signature?