An executive order that President Bush issued on Friday shifted a portion of the White House's Critical Infrastructure Protection Board to the Homeland Security Department, leaving high-tech groups unsure who in the administration will specifically oversee cybersecurity.
The board, which drafted the national cybersecurity strategy, and the position of White House special adviser on cybersecurity were officially dissolved, spurring high-tech representatives to furiously lobby the administration to ensure that one individual will be specially tasked to work on cybersecurity.
"We got assurances that cybersecurity remains a priority ... but it isn't clear as of today who will be in charge," said Harris Miller, president of the Information Technology Association of America, who noted that the "Slammer" computer worm recently caused $1 billion in damage to the economy and that hackers last month used the Internet to steal credit-card information on 8 million individuals. "More so than ever before, we need a strong advocate for cybersecurity in Washington, D.C."
Tiffany Olson, who has been deputy chief of staff at the board, said its operations and implementation portions are being shifted to the information analysis and infrastructure protection division in the Homeland Security Department. The board is to be merged with the FBI's National Infrastructure Protection Board, the Commerce Department's Critical Infrastructure Assurance Office, the General Service Administration's FedCirc and several other small agencies focused on physical and cybersecurity.
Olson said the new division would be in charge of implementing the national cybersecurity plan and will serve as the "focal point" on cybersecurity in the government. "We believe that the special adviser role will be moved to [the department], but it won't disappear," she said.
Cybersecurity policy will continue to be coordinated by the White House within the new Homeland Security Council, which was created to replace the White House Office of Homeland Security, she said. The council is a "peer" group to the existing National Security Council and is structured like that entity, Olson said, adding that there will be "a group of experts" at the Homeland Security Council focused on both physical and cyber infrastructure policy.
Richard Clarke was Bush's cybersecurity adviser from October 2001 until he left the post last month for the private sector. Howard Schmidt replaced Clarke in the interim, but it is not clear what job Schmidt will take in the administration. Olson said "no individual positions have been identified at this point."
Mario Correa, director of Internet and network security policy at the Business Software Alliance, said that while the cybersecurity adviser's position remains unclear, the industry will continue to lobby the administration about the "wisdom" of having one person with the ear of Homeland Security Secretary Tom Ridge to focus on cybersecurity.