Howard Schmidt: ‘We will never have 100 percent security and still have an open society’

Howard Schmidt made his first public comments since his appointment as the White House’s cybersecurity coordinator at the annual State of the Net conference yesterday, saying “The president has been clear in designating me his lead officer” for government cybersecurity. The event was hosted in Washington by the Advisory Committee to the Congressional Internet Caucus.

Schmidt holds the title of special assistant to the president and senior director for cybersecurity, but he directly reports to the head of the National Security Council and is also a member of the National Economic Council.

“There is a direct linkage to the national security staff as well as the National Economic Council” that will temper the needs of security with concerns for economic freedom, he said.  Schmidt defines his job as risk management, not risk elimination.  “There are no absolutes,” he said. “We will never have 100 percent security and still have an open society.”

Schmidt said he is encouraged that federal CTO Aneesh Chopra and federal CIO Vivek Kundra see his position as aiding information technology innovation rather than hindering it.  New in office, Schmidt outlined his priorities for the job but offered few specifics about how he plans to achieve them. He said his goals were:

• Update the government’s strategy to secure its networks.
• Develop a coordinated incident response capability for both the public and private sector.
• Develop public/private partnerships and international relationships to increase security.
• Increase investment in American cybersecurity R&D.
• Increase public awareness of cyber threats.

Other areas of focus include supply chain management, ensuring the security and integrity of hardware and software when it comes from an outside vendor; identity management; and mitigating risks associated with cloud computing.

“I’m a big proponent of moving things to the cloud, but doing it right.” This means having the proper legal, policy and technical controls in place to ensure that information migrated off of local servers remains secure.  Schmidt said he will work with both CIO Kundra and the private sector to this end.

Although Schmidt’s authority only covers government computing, he emphasized that partnership and cooperation with the private sector will be necessary to achieve his goals.  “The federal government is the reality I have to deal with.”  However, the private sector, which owns and operates the majority of the nation’s critical infrastructure and provides the bulk of the government’s hardware and software, deserves a seat at the table, he said.