August 4, 2009 - Eric Chabrow

The departure of Melissa Hathaway as the White House acting senior director for cyberspace is the latest reminder that it's been more than two months - and many would say too long - since President Obama announced his intent to name a White House cybersecurity coordinator.

And, that raises the second and what I see as a more significant stumbling block to filling the job: having two bosses, each with strong personalities and their own power centers in the White House. Who would want two bosses like that?

There hasn't been a shortage of candidates vetted for the job. Sources say at least 30 people have been considered, including Hathaway, with a few - such as former Rep. Tom Davis - who have been reportedly offered the job, or at least hinted they would receive an offer if they would accept the position.

Hathaway took herself out of the running for the job, most likely because she realized that despite her qualifications, she wasn't going to get the post. "I wasn't willing to continue to wait any longer, because I'm not empowered right now to continue to drive the change," she told The Washington Post. "I've concluded that I can do more now from a different role," most likely in the private sector.

(As an aside, it's unlikely that she'll return to the Office of the Director of National Intelligence - where she was on loan to the White House to conduct the "60-day" review of the federal cybersecurity posture - because her "rabbi," Adm. Mike McConnell, resigned as national intelligence director at about the time she took on the White House assignment. McConnell returned to the business consultancy Booz Allen Hamilton, where they both had worked before coming to the ODNI. Will she rejoin McConnell?)

What's holding up President Obama from naming his cybersecurity advise? No one from the White House is providing an explanation.

But I think the job remains vacant for two reasons. First, despite the promise the cybersecurity coordinator will have the president's ear, the job is perceived as not being senior enough to attract some potential candidates. As described by Obama, the cybersecurity coordinator would report to two top Obama advisers, James Jones and Lawrence Summers, who head the National Security Council and National Economic Council, respectively.

And, that raises the second and what I see as a more significant stumbling block to filling the job: having two bosses, each with strong personalities and their own power centers in the White House. Who would want two bosses like that?

No doubt, cybersecurity has a big impact on the nation's economy, and any disruption of the federal government or critical national IT infrastructure could prove calamitous. Still, other channels can be developed to collaborate on the economic impact of cybersecurity without having the cybersecurity coordinator report to the National Economic Council.

Obama should rework the White House reporting structure to have the cybersecurity coordinator report through the National Security Council. After all, cybersecurity security is an element of national security, isn't it?

Howard Schmidt: Timing Isn't Everything

One person who isn't upset that the job has yet to be filled is information security guru Howard Schmidt, the president of the Information Security Forum, who seems to be on everyone's short list of prime candidates for cybersecurity coordinator.

In an interview with GovInfoSecurity.com, Schmidt says the plain fact that the president said he would be actively involved in cybersecurity policy is what truly matters, not the timing of the appointment or to whom the cybersecurity coordinator reports. "I have little concern about the timeframe or position, just the fact that its got the right people doing the right thing and for the right reason," he said.