Where is our cyber-czar? As recent attacks on government and private Web sites illustrate, cyber-security is a critical national issue. That's why President Obama was right when he moved to create a high-ranking "cyber-czar" to guide the development of cyber-defense. Now, months later, there is work to be done, and there is still no one in place to do it. Obama's initial notion of a dual-role coordinator reporting to the National Economic Council and the National Security Council may be the problem - its nebulous authority has scared off even top potential contenders. Attracting someone to this vital job may mean giving the czar clearer authority to monitor and coordinate security efforts that are spread across multiple agencies. But the need for someone to develop a coherent cyber-policy is pressing.
Thousands of cyber-attacks occur every day on private and public networks, jeopardizing the data of more than 280 million people last year. But Obama's report on cyberspace policy found that "government is not organized to address this growing problem effectively now or in the future. Responsibilities for cyber-security are distributed across a wide array of federal departments and agencies, many with overlapping authorities, and none with sufficient decision authority."
The lack of a guiding vision has implications beyond mere inefficiency. The nation's cyber-defenses are being developed without any structure to guarantee transparency and accountability. So last month, when Defense Secretary Robert Gates created a consolidated military Cyber-Security Command, to be headed by the director of the National Security Agency, and this month, when a pilot program began expanding NSA technologies to protect civilian networks, these moves raised questions. Currently, cyber-defense responsibilities are split between the Department of Homeland Security and the Defense Department. But DHS cyber-defenders are becoming increasingly reliant on the capability developed at the Pentagon, a trend that will continue in the persistent absence of any better plan. If Americans don't want the NSA to become the clearinghouse for all cyber-security issues - a responsibility Gates does not want, either - an alternative vision is needed, and soon.
When Obama first made cyber-security an administration priority, he promised to keep government defenses out of private networks. But the Internet is an interconnected series of networks, making it difficult to determine where private security threats end and public ones begin. To defend against attacks, it may become necessary for the public and private sectors to share information and strategies for dealing with threats. All the more reason to make someone accountable for striking the right balance between liberty, security and openness.