Bush administration to unveil cybersecurity initiative

The Bush administration is set to announce a cybersecurity initiative on Friday, prompting speculation by technology industry experts that officials will unveil the hierarchy of a new government office on the subject.

Robert Liscouski, assistant secretary for infrastructure protection at the Homeland Security Department, will host a roundtable to unveil the initiative, said David Wray, a department spokesman. Word of the event touched off talk that the White House has chosen a cybersecurity director who will be placed within Homeland Security, but Wray cautioned that the event would not be a "personnel announcement."

Sources close to the issue suggested that department officials are likely to announce the structure of the office, however. These people said Homeland Security will create a cybersecurity office within the information analysis and infrastructure protection directorate, and that the head of that office will report to either Liscouski or Frank Libutti, the directorate undersecretary.

The White House and Homeland Security have yet to select the person to fill the job, sources said. "They are still vetting the names of who they want to be cybersecurity czar," according to one industry source.

The move is intended to allay concerns expressed by the high-tech industry and critics on Capitol Hill that the Bush administration is not prioritizing the issue of cyber security. Industry experts said that whomever assumes leadership of the office must have the appropriate authority to execute effectively recommendations outlined in the national cybersecurity strategy, which the White House released in September.

Right now, "the Internet is being attacked," one source said, adding that "the people responsible for protecting the Internet have to be people recognized in the administration and the industry as credible and effective."

William Harrod, director of investigative response for TruSecure, an intelligence and security provider, said any role the federal government has in trying to bolster cyber security will require organizations to do it voluntarily, so a cybersecurity director has to have enough cachet within the administration to reach out to senior executives in the largest corporations and persuade them to follow the cybersecurity recommendations.

"It is really is going to require somebody at almost a Cabinet-level position to administer a brokering between the federal government and these organizations," he said.

He argued that the director needs both authority and a specific budget, noting that cybersecurity advisers in the Bush administration historically have lacked both.

Still, other industry sources said the anticipated announcement is a positive development.

"The fact that they've agreed to build an organization around implementing the national strategy, that it's to coordinate the cyber activities of the various offices within the department and to serve as the central point of contact for industry, that's what we've been asking for," the source said. "We're glad they're doing this."