Learning the lessons of 9/11 for real

CNET News.com's Charles Cooper writes that the government's diffident approach to cybersecurity is a ticking time bomb.

Charles Cooper
Charles Cooper Former Executive Editor / News
Charles Cooper was an executive editor at CNET News. He has covered technology and business for more than 25 years, working at CBSNews.com, the Associated Press, Computer & Software News, Computer Shopper, PC Week, and ZDNet.
3 min read
President Bush and his senior advisers rarely miss an occasion to remind the nation not to forget the "lessons of Sept. 11." But less than two weeks before the fifth anniversary of the attacks, the question of who should coordinate cybersecurity remains an afterthought.

After the resignation of the first three so-called cyberczars, Congress said the answer was to give someone real authority within the Department of Homeland Security and let him or her direct cybersecurity policy. So it was that in July 2005, DHS Secretary Michael Chertoff agreed to create the post of assistant secretary for cybersecurity and telecommunications.

Good idea, but one year later, why does the post remain unfilled?

A spokeswoman claims the department is "moving diligently" to narrow its choices. But so far, she says, the department hasn't found a candidate with the necessary technical and operational experience to lead the new division.

If so, then we're in big trouble, as this would testify to a lousy bench of recruits available to Uncle Sam in times of emergency.

Maybe the Department of Homeland Security wasn't speaking with the right candidates. So as a public service, I decided to browse through my little black book and see what could be done. I dialed up a technology heavyweight I've known for years. This person had spent years navigating the corridors of power at the White House and possessed all the technical chops you would want from a dream candidate.

I asked if this person was interested in another tour of duty. No problem. All the government needed to do was ask.

But can the government pay enough to attract our best and brightest? Even if an all-star walked through the doors for an interview, DHS told me Silicon Valley offers financial inducements that are in another league.

In a narrow sense, that is true. So how about pointing to the Stars and Stripes when the job interview begins? I've griped about the unalloyed selfishness on display in many corporate boardrooms. But the greed-is-good crowd constitutes the minority. I'm always struck by the number of generous and highly talented people working in the technology field. A lot of these folks are filthy rich, but they aren't only motivated by money. Many freely give back to society because they believe it's their duty as citizens. If the government still can't locate a fitting candidate, Chertoff should give me a call sometime. I could provide a list of the truly qualified.

"I don't buy the argument that there are all these stock options out there and so it's hard to get people to work for government," said Paul Kurtz, a technology expert who helped put in place the initial strategy to address cybersecurity when he worked for the Bush White House. "There are a lot of people in government who could make a lot more money and yet they choose to work in public service."

What with al-Qaida still in business, the administration's defenders argue that the government's attention is occupied by more pressing matters. That's just the trouble. The government has invested a lot of effort into combating terrorism, improving airline security and finding more appropriate ways respond to hurricanes. But that doesn't help when dealing with the unknown.

"The government's very comfortable fighting the last war but not so comfortable planning for the unexpected," said Kurtz, who nowadays heads the Cyber Security Industry Alliance. "You've got tunnel vision at DHS and in the administration, where they're focused on the aftermath of Sept. 11 and Katrina and don't necessarily have their heads up to the fact that there are these other problems out there--and one of them is our dependence on the information infrastructure and the fact that it's increasingly under attack."

The Homeland Security Department was created to make sure the nation can rapidly reconstitute itself after there's a massive rupture in our infrastructure. We learned from Hurricane Katrina that if people can't communicate, the effects of a disaster--manmade or natural--get compounded. The growing fear is that the upper echelons of the government don't have the foggiest idea about what might happen if the nation's information infrastructure gets paralyzed.

Diffidence comes at a price.