But a strong personality could help centralize cybersecurity policy in the White House, panel agrees
President Barack Obama should name a White House cyber coordinator with the notoriety and clout to build consensus and direct cybersecurity policy, even with limited powers, a panel of cybersecurity experts agreed Tuesday.
Retired Air Force Gen. Dale Meyerrose, now vice president for Cyberspace at Harris Corp., emphasized that the cyber coordinator ought to be "a person of prominent name recognition" in the cybersecurity industry.
Acknowledging that on paper the cyber coordinator has no budget authority and little if anything to offer agencies reluctant to cede their cybersecurity turf, Meyerrose was nonetheless optimistic that the right person could make something out of the position.
"Think big, start small, scale fast," Meyerrose stated as his mantra for such situations.
"Major things sometimes take small steps to get started," he elaborated. "By necessity, [a first step] ends up being a small step.
"Some folks would want to press harder and faster, but major things almost by necessity, if they are not in response to an emergency, ... start small," he added.
Meyerrose identified three issues to tackle immediately to get the cyber coordinator involved in federal cybersecurity policy. First, the White House must identify his authorities. Second, federal stakeholders must accept the cyber coordinator into their processes to add the position into the flow of information and adjust processes around it. Finally, the cyber coordinator needs an agenda that can work.
The White House Cyber Security Policy Review made a number of recommendations, Meyerrose noted, but they cannot all be enacted first. An effective agenda must spell out how to implement those recommendations.
Effective cybersecurity policy is more necessary than ever because of a paradigm shift that has made technology more pervasive in the everyday lives of individuals, Meyerrose asserted. Therefore, the time had come for US cybersecurity policy to be elevated to the White House, he said.
"Technology and how we use it has fundamentally changed not only within our country but around the world," the general stated.
Former Rep. Tom Davis (R-Va.), who discussed the cyber coordinator from a legislative view, denied that he had any interest in the position himself despite persistent rumors that he is a top candidate for the job. While he would like to eventually return to government service, Davis indicated that he was happy to be a private citizen for a while.
"If I wanted to stay in government, I would have stayed in Congress," Davis quipped. "I was lucky enough to leave Congress undefeated and unindicted so it's sometimes best to go out on top."
That said, he lambasted the federal government for not following very basic cybersecurity protocols to the point where former federal workers could even walk off with computers as they leave their jobs. An effective cyber coordinator should work to reverse that trend, Davis said.
But the job will be very tough because the coordinator will face entrenched bureaucracies unwilling to surrender turf to a central coordinator, he continued.
Davis also insisted that it would take legislation from Congress to provide the cyber coordinator with real authorities. Such legislation adds more hurdles to the process of centralizing cyber authority as many congressional committees--such as the House Commerce, Financial, Government Reform, Judiciary and Science Committees--claim jurisdiction over cybersecurity.
"We are more vulnerable to cyber attacks than at any time of history and the goal is to get ahead of the curve," Davis remarked. Every cyber connection offers terrorists and other criminals opportunities to attack transportation systems, communications networks, electric grids and other critical infrastructure, he said.
James Bamford, an author of books on cyberspace, was skeptical that the cyber coordinator would have much influence at all because it is placed "pretty far down the totem pole in the bureaucracy," reporting to both the National Security Council and the National Economic Council.
"I don't know a powerful person who would take a job that low in the bureaucracy," Bamford protested. "I don't see how the person is going to have regular access to the president or have a voice."
In addition to having no budget authority, the cyber coordinator also must compete with the National Security Agency (NSA), which undoubtedly will have direct control over the proposed US cyber command. The cyber command will either fall directly under NSA or the NSA director will transition into the cyber command, Bamford predicted.
"You are taking this enormous agency that abused the trust for a long time after 9/11 ... and giving them a very large role and a very powerful role in cyber information," he lamented. "I'd be much happier if they put a very powerful person in charge of all cyber activities so that the director of the cyber command reported to that person."
The Harris Corp. sponsored the expert panel, which spoke in Washington, DC.