More Reasons For A Matchmaker, Not A Czar
They can't stop poverty or drugs; they're not stopping cyber threats
By Michael Tanji | August 19, 2009
It is almost an annual occurrence now, the 'biggest hack ever.' Unlike other major events of a malicious nature though, cyber-based mayhem brings with it decreasing levels of interest and concern. The hubbub of the Heartland Payment Systems compromise in 2007 was less an event than the TJX compromise of 2005. I would not count on 2010's "biggest hack ever" to even make the Drudge Report.
Would the "biggest hack ever" have been thwarted had we been addressing cyber threats at the national-level with a cyber czar? "Czars" head our national efforts against poverty - a 40+ year effort - and drugs - a 40 year effort - is anyone foolish enough to argue that there are no poor people or drug addicts in this country?
One look at the nature of this latest compromise explains why a cyber czar - in the model of governmental czars before them - is doomed to failure. It took the full force of the government, and probably no small amount of effort by the compromised institutions, to arrest one whole individual. This is as close to superempowerment as you're going to see outside of a movie theater. Gonzales' cohorts are safely out of reach of US authorities, and for those who can remember that far back, the only reason Ivanov and Gorshkov were arrested was because they were foolish enough to set foot on US soil. The cyber czar could have a cyber army and he'd still lose to three guys in their respective basements.
You don't fight a network with an org chart; you fight it with a competing network. That's why a cyber czar is a non-starter (I point to the long list of usual suspects who won't take the job as a supporting evidence). What this nation needs is someone who understands government's problems (both at a national an agency level) and industry's solutions and can make sure the right people are working together (government-to-government, government-to-industry, industry-to-industry). The more networks, or at least the more effective networks we build that are designed to combat cyber threats, the more effective we will be at stopping or mitigating the effects of said threats.
We need someone at the national-level addressing the security of cyber space; we just need to make sure the job requisition is written properly.