The new US national security czar must have the budget, the necessary power to enforce change and the support of the government.
According to Lumension's Pat Clawson, it was important to make a very clear distinction about the role the cybersecurity czar must have to prevent the role from being toothless, as previous efforts in this area have proven to be.
He claimed that without finance, authority and support, ‘the person appointed to this position will almost certainly fail. It's been attempted before but was never properly executed. It's time to put some teeth behind this position to enact change before it's too late'.
he adviser will have the most comprehensive mandate granted to such an official to date. He will probably be a member of the National Security Council but will report to the national security adviser, as well as the senior White House economic adviser.
Clawson claimed that the key areas to be examined are the role of private enterprise in the overall national security posture in the US, articulate security standards government-wide that are achievable and enforceable, offer a net security benefit and establish a real-time threat assessment and/or gap analysis.
“We need to actively engage private enterprises in overall efforts to improve the country's security posture. Without private industry support, the cybersecurity czar will have a tough time fully securing our critical infrastructure currently managed by both the government and business communities,” said Clawson.
“While there have been attempts to enact security standards and government bodies in the past to impact our country's weak security initiatives, many were toothless, the policies weren't enforceable and there were no clear penalties for not adhering to those policies. There has to be some level of authority given to the cybersecurity czar to consolidate civilian and government entities as well as the Department of Defence's (at some level) existing security state and policies to affect change.”
He also claimed that a clear course is needed for how to resolve the national cybersecurity posture, as this is not just a government-enacted project but something that affects the entire country.