The resignation last week of two of the government’s top cybersecurity officials has raised questions about President Obama’s much-touted effort to fix policy for defending the nation’s computer networks.
Officials say the decisions by Melissa Hathaway of the National Security Council and Mischel Kwon of the Department of Homeland Security are not related, but some observers have linked them to suggest the White House is faltering in its effort to implement a new cybersecurity strategy and appoint a high-level national coordinator for the issue.
Rep. Bennie Thompson, Mississippi Democrat, chairman of the House Homeland Security Committee, said in a statement he was “troubled with the apparent loss of momentum on cyber-security, an issue that is critical to our national and economic security.” Former officials said the resignations, though their timing was coincidental, were indicative of the strain on top cybersecurity staff.
“This says a lot about the barriers and negative job conditions that cyber-security professionals within the U.S. government face,” said former Department of Energy cybersecurity official Eugene Schultz in an e-mail posting for the SANS Institute, an industry nonprofit that does research and education on computer security.
Rod Beckstrom, who quit a senior cybersecurity post at DHS earlier this year, told The Washington Times: “I know from firsthand experience how tough these federal cybersecurity jobs are.”
Art Coviello, president of RSA, the computer security company where Ms. Kwon will start work next month, said she had decided to leave Homeland Security to take advantage of a “fabulous opportunity” at RSA. “My perspective is, she’s not leaving the government, she’s joining RSA,” he told The Times.
“She’s still in the game,” Mr. Coviello added. “The services we offer to our government customers help keep the country safe.”
He dismissed the idea that the two resignations were indicative of any broader issue. “High pressure jobs [like these] are going to have a fair degree of turnover,” he said. “Two people [leaving] is not a trend.”
Over the past decade, cybersecurity has emerged as one of the key issues for U.S. national security because of the growing extent to which the nation’s government, commerce and military rely on the Internet and other computer networks seen as vulnerable to criminals, vandals and even terrorists or other attackers.
At the end of May, Mr. Obama unveiled the outline of a new cybersecurity strategy for the federal government, which under successive administrations has wrestled with the difficulties inherent in developing policy in such a novel and complex area. Cybersecurity impacts the activities of every department of government, is essential to the effective operation of the country’s military power, and must be implemented over infrastructure owned and operated by the private sector.
Mr. Obama promised to personally select a high-level White House official to lead the government’s cybersecurity efforts, but no appointment has yet been announced.
“It’s not unusual to take five or six or even eight months to recruit” for a key high-level post like this one, said Mr. Coviello, noting that he had once taken seven months to recruit a chief financial officer for his company.
Ms. Hathaway, currently senior director for cybersecurity at the White House National Security Council, was initially in the running for the new coordinator’s post, but last week she said she had withdrawn her application for the new job.
“It’s time to pass the torch,” she told the Wall Street Journal.
Ms. Hathaway did not respond to a request for comment Wednesday, but White House spokesman Nick Shapiro told The Times the administration was “grateful for her dedicated service and for the significant progress she and her team have made on our national cybersecurity strategy.”
Mr. Shapiro said the issue continued to be “a major priority for the president,” who was “personally committed to finding the right person” for the new cybersecurity job. “A rigorous selection process is well under way,” he concluded.
Some former officials say they understand why it might be taking so long.
Mr. Beckstrom said Ms. Hathaway “was incredibly hard driving” in her work for both the Bush administration when she led cybersecurity for the director of national intelligence and the current one. “It was a heavy lift to get consensus across all of the departments and agencies,” he said. “The rules, regulations and processes necessary to get new things created require inordinate amounts of time.”
Mr. Beckstrom also hinted that turf battles and internecine conflict made such jobs harder.
“Given that cyber is a high stakes game within the government, given its strategic nature, even greater pressure is placed upon the actors because of competing interdepartmental equities,” he concluded.
Officials acknowledge the complexity of the problems but say they are working to resolve them.
“When I came into the department, I think it’s fair to say we were not organized sufficiently where cybersecurity is concerned,” said Homeland Security Secretary Janet Napolitano last week.
“Just as these efforts were kind of spread throughout the federal government, they were kind of spread throughout the Department of Homeland Security.”
But Ms. Napolitano added that she had centralized the department’s cybersecurity efforts under one official, Philip Reitinger, a deputy undersecretary in Homeland Security’s National Protection and Programs Directorate.
“If the question is who at the Department of Homeland Security … do you call” about cybersecurity issues, “it’s either going to be Phil or someone who works for him.”