The news is out that Obama is appointing a cyber czar in the morning. One person will oversee all cyber espionage efforts. We’ve had a war czar, a terrorism czar and drug czars. Can you remember any one of their accomplishments? I can’t.
Judge Kenesaw Mountain Landis is about the only czar I can name who had any sort of influence here in the US. Remember him? He was the "czar," the first commissioner of baseball, who cleaned up the game after The Black Sox Scandal of 1919. He also perpetuated the color barrier, a sad move that kept baseball segregated for the 25 years he spent as commissioner. That’s what happens when you give absolute authority. The game may get cleaned up but tyranny often follows.
A cyber czar will never have absolute authority. And that’s a good thing. All this cyber czar can do is make suggestions. He has no budget. According to CNN, the czar will report to two people: the national security adviser and the National Economic Council. Two bosses? Bruce Schneier said it well in a Threatpost podcast:
"Really what I think is it shouldn’t be anybody. We do better without a top-down hierarchy. Our economic and political systems work best when there isn’t a dictator in charge, when there isn’t one organization in charge. My feeling is there shouldn’t be one organization in charge. Not only shouldn’t it be the NSA, it shouldn’t be anybody," Schneier said. "That’s the problem whenever you hear a cybersecurity czar being mentioned. The person doesn’t have budgetary authority. All they can do is ask nicely."
Schneier makes the point that what we really need is better management. It’s more a lack of precaution than anything else. For goodness sakes, the US Marshals Service got hacked last week because they did not update their anti-virus software. Further, as Schneier and others have said, tighten up the vendor requirements. Force the security vendors serving the US Government to do a better job with the products they supply. That will have a cascading effect. Security products will just get better for everyone.
We have problems here with the security of our networks. But maybe what we really need is some simple maintenance and the influence of our government’s purchasing power to force the development of world-class products that we can all use to protect ourselves.