Chertoff said on Monday that Gregory Garcia, who has been working at a Washington-area trade association, would become the department's first assistant secretary for cybersecurity, with responsibility for advising agencies and the private sector.
The announcement ends a vacancy at Homeland Security that lasted more than 14 months and a wait that drew criticism from members of Congress, who it said demonstrated that Chertoff has not taken the topic seriously.
"Quite simply, our nation has been without adequate leadership on cybersecurity," Rep. Zoe Lofgren, a Democrat,in an opinion article that CNET News.com published in July. Republicans have also recently Homeland Security's cybersecurity efforts, and a has painted a picture of bureaucratic ineptitude.
Chertoff acknowledged last year that he had "initial concerns" about raising the profile of cybersecurity in a bureaucratic culture that had focused on physical threats since Sept. 11, 2001. It took a formal vote last May in the U.S. House of Representatives to --and an expected one in the Senate--to prompt Chertoff to two months later.
Garcia, who prior to accepting his new position was a vice president at the Information Technology Association of America, will succeed Donald "Andy" Purdy Jr., a two-year contract employee on loan from Carnegie Mellon University. Purdy, who has been criticized for taking the job of running a department that awarded at least $19 million in contracts to his university employer this year, was the acting cybersecurity chief.
It's not clear what took Homeland Security so long to fill the job, but some industry watchers have characterized it as having high-profile responsibility but little day-to-day authority over either the federal government or the private sector. (Johns Hopkins University Professor Avi Rubin said: "I sure wouldn't take that job--it only has a downside.")
In an appearance before Congress, Chertoff said last year that the assistant secretary "should not sit at the center of all federal agencies and direct and control their policies on information sharing and cybersecurity."
Washington veterans who know Garcia applauded Monday's announcement. It's "a year late but a positive development," said Shannon Kellogg, director of government and industry affairs for RSA, the security division of EMC. "To me, it's worth the wait. They really have someone who can get the job done."
Previous cybersecurity "czars" have been, besides Purdy,, a veteran of the Clinton and first Bush administrations who left the post with a lucrative book deal. Clarke effectively was succeeded in quick succession by , also known for in favor of the Communications Decency Act, then and Robert Liscouski.
Garcia will join an already complicated and sprawling hierarchy at the Department of Homeland Security. There's also an undersecretary for management, an undersecretary for science and technology, an assistant secretary for policy, an undersecretary for preparedness, an assistant secretary for intelligence and analysis, and assistant secretary for legislative affairs, an assistant secretary for public affairs, an assistant secretary for transportation security, an assistant secretary for immigration and customs, and an undersecretary for FEMA.
That's not counting a multitude of directors and commissioners (including the head of the U.S. Secret Service) who also report to Chertoff (click here for PDF of a departmental organizational chart).