Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Government United States IT

Cybersecurity Czar Job Is Useless, Says Spafford 104

Trailrunner7 writes "It's been about seven months since Obama announced his plan to hire a cybersecurity coordinator, and the job is still vacant. Several prominent security experts have turned the position down, and in an interview on Threatpost, Purdue professor Gene Spafford says that the position is pointless. 'It won't have any statutory authority. It won't have any budgetary authority. That does not give it much authority of any kind. So when I hear that there are supposedly people who have been interviewed for this cyber coordinator job and didn't take it, I'm not surprised. It's not a winning position. I'm not at all surprised by the fact that it's empty. That position is a blame-taking position,' Spafford said."
This discussion has been archived. No new comments can be posted.

Cybersecurity Czar Job Is Useless, Says Spafford

Comments Filter:
  • I vote (Score:5, Funny)

    by nametaken ( 610866 ) * on Monday December 14, 2009 @03:47PM (#30435256)

    ...for me? It has Czar in the title, it has to pay more than what I make.

    • It's probably a non-paying, volunteer position. However, I doubt you'd go a week before coming home to find a ferrari in your driveway with the license plate "MCAFEE 1" and a note that says "From an old friend." in the driver's seat, under the key.
      • Re:I vote (Score:4, Funny)

        by nametaken ( 610866 ) * on Monday December 14, 2009 @04:06PM (#30435442)

        I find this compensation acceptable, particularly since I'm already in a near-volunteer position that only exists to place blame.

      • It's probably a non-paying, volunteer position. However, I doubt you'd go a week before coming home to find a ferrari in your driveway with the license plate "MCAFEE 1" and a note that says "From an old friend." in the driver's seat, under the key.

        And there you have the actual use for the position: appointments for help during the campaign to positions that themselves have their own kickbacks.

        Oh, also for Obama et al to hold up and say they strengthened security.

        Note that I voted for Obama, this is not bias. All politicians do bullshit moves like this, and I didn't vote for him because of anything related to cybersecurity (it was to get an appointment to department of interior.)

    • Comment removed (Score:5, Interesting)

      by account_deleted ( 4530225 ) on Monday December 14, 2009 @03:58PM (#30435376)
      Comment removed based on user account deletion
      • Re: (Score:3, Insightful)

        by elronxenu ( 117773 )

        When you have a high profile job in the public sector, you can expect that people are going to find out a lot about you. The media will want to know, and if you have any skeletons in your closet, they could well be revealed, one day.

        Bravo on you for wanting to keep your personal details private, but don't seek out any high profile positions as a result.

        • Comment removed (Score:5, Interesting)

          by account_deleted ( 4530225 ) on Monday December 14, 2009 @04:16PM (#30435570)
          Comment removed based on user account deletion
          • Re:I vote (Score:4, Insightful)

            by swb ( 14022 ) on Monday December 14, 2009 @04:33PM (#30435766)

            And they're also recruiting from the same talent pool as Google, Microsoft, and the Fortune 100.

            Those companies will also sniff around your background, but won't have a hissy fit if you've smoked a joint, own a gun or got a DUI in a rented Escalade with your mistress.

            After reading some of the disclosure materials required for government employment I'm pretty sure I will never even bother applying. Way too intrusive and not telling them exactly what they want is some kind of nasty Federal felony.

            • In case anyone wants specifics, here is the "main" questionnaire you have to fill out if you're going to have any kind of security clearance (even a really low one) while working for the Gov.

              http://www.opm.gov/Forms/pdf_fill/sf86.pdf [opm.gov]

              Also, note that lying on the SF86 is a felony. It's a terrifying, terrifying form.

          • Re: gun ownership. Most states require that firearms be registered, so it's not like they're asking about the ins and outs of your sex life with your spouse. Moreover, I doubt that gun ownership would be a major roadblock for any appointee. But it would be prudent of them to look over a person's ownership history and make sure they complied with the relevant laws at all times. After all, if they don't do opposition research, FOX News will.

            • Re: (Score:3, Interesting)

              Comment removed based on user account deletion
              • True, and in most states, the background check isn't a requirement for legitimate private sales either. However, I do know of a person with a Federal firearms license who attempted to get around the background checks with one customer and it blew up in his face.

        • Re: (Score:3, Interesting)

          When you have a high profile job in the public sector, you can expect that people are going to find out a lot about you. The media will want to know, and if you have any skeletons in your closet, they could well be revealed, one day.

          However, if you did want that high profile position, holding a very public auction of the (above-mentioned) McAfee 1 Ferrari and donating the proceeds to Kids with Cancer would pretty much guarantee you one. It would be the right thing to do, a nice thing to do, with the added bonus of cementing your image of incorruptability in the public eye. A smokescreen, yes, but one that'll get you high. At least until the McAfee "security enforcers" find you near a dark alley.

          On second thought, it does sound rathe

      • Re: (Score:2, Insightful)

        If you want any authority over me, then damn right it's my business. We have every right to know if you are abiding by the same rules you expect us to. Don't take it personally. I expect all people in a position of authority to give up their private lives, at least to the extent that we have to. Besides, government service is supposed to be exactly that, not a lifetime career position.

      • by Anonymous Coward

        Geez, look who's been confirmed.

        An Attorney General who thinks it's OK to pick a fundamental Constitutional right and strip it from individuals [gurapossessky.com].

        A tax cheat in charge of the IRS [wsj.com].

        A CIO who was strangely the ONLY one in his entire department that wasn't corrupt [businessinsider.com].

        What "draconian disclosure requirements" are you referring to? These are the guys who were CONFIRMED in office.

      • Re:I vote (Score:5, Funny)

        by BobMcD ( 601576 ) on Monday December 14, 2009 @06:01PM (#30436892)

        Among other things they want to know every single handle that you've ever used online, every single website that you've posted on...

        This is what disqualified me when I applied. I told them I sometimes used "Anonymous Coward" on slashdot.org...

      • I would never apply for a job that wanted to know that much about me. It's simply none of their business. I'm sure many others feel the same way.

        Then I guess the application wasn't for you or people like you. You realise there are plenty of others who would take such a job, including all the intrustions, for the power or prestige or simply as a damn impressive thing they could put on their resumes?

        I do agree it is somewhat ironic that they are asking for a "cybersecurity" position, since people with
      • by m1xram ( 1595991 )

        Do you think the President cares about embarrassment? You've pointed out the tax cheat, who actually never completely paid all the money he owes, but what about...

        • communists
        • lobbists
        • pro-terrorists
        • pro-child-porn

        He seems to appoint whomever he wants, sometimes in spite of FBI background checks.

      • particularly when you can make more money in the private sector

        Umm... you actually make way less in the private sector. A USA Today article [usatoday.com] that appeared last week confirmed what many of us have suspected for years, especially since this recession started. And that is that government employees make more than private sector employees. Period. They make more in salary (approximately 30% more), they have far better benefits (healthcare, pension, etc), and they get more perks. It's not the working/middle class

    • by LWATCDR ( 28044 )

      Yea I would take it as well. No win? not at all if you play the game.

      "The problem is that we have not budgeted enough for the needed programs."
      "The problem is that we do not the laws in place to solve the problems"
      "The problem is that organized crime, terrorists, and drug lords are using piracy to make/launder money"
      "This is a complex problem but with a enough study and the cooperation of industry and the goverment we can solve the problem."
      By the time I am out I will have a nice big consulting job for a mu

    • I'd prefer to be one of the snack-food czars. Maybe the potato chips, or pizza czar. As long as it pays well, or I get a lot of free snacks.

  • by istartedi ( 132515 ) on Monday December 14, 2009 @03:51PM (#30435292) Journal

    I'll take it. I've even worked in security, although as a programmer not as an executive or highly respected author and lecturer (e.g., Bruce Schneier) which is what I imagine they want and will never get.

    Where do I send my resumé?

    • Re: (Score:3, Insightful)

      by dikdik ( 1696426 )
      The second they use the term "Czar", to describe a person in administrative capacity over a regulatory body, they betray the authoritarian and anti-democratic ideology with which they conspire against representative government and individual rights and liberties.

      Czar is the Slavic rendering of Caesar. Why anybody sees this as an expediency worthy of trade-off for democratic involvement and oversight is a question I leave you, the dear reader to resolve.

      • Really? The entire point of the submission is that the post does not have any authority. Do you just make this post on any website using the word czar?

        Sorry if you were using sarcasm and I couldn't differentiate from a wingnut.

      • by maxume ( 22995 )

        They generally don't actually have any administrative capacity.

    • by The Archon V2.0 ( 782634 ) on Monday December 14, 2009 @04:47PM (#30435946)

      I'll take it. I've even worked in security, although as a programmer not as an executive or highly respected author and lecturer (e.g., Bruce Schneier)

      That's okay. As far as I know, few highly respected authors and lecturers have been asked. And asked or not, several such people have preemptively refused the, er, honor.

      which is what I imagine they want and will never get.

      If they wanted, I imagine they would've asked more people who could do it.

      Where do I send my resumé?

      First print off a copy of everything you've ever said online and send it so they can check it for anything embarrassing. I gather that's what one of their pre-screening requirements was. Which is to say, they want people who have never used the internet for their security czar.

      • Re:Recession (Score:5, Insightful)

        by istartedi ( 132515 ) on Monday December 14, 2009 @06:27PM (#30437196) Journal

        First print off a copy of everything you've ever said online and send it so they can check it for anything embarrassing. I gather that's what one of their pre-screening requirements was. Which is to say, they want people who have never used the internet for their security czar.

        How much time will pass before everybody is naked, drunk and stoned on their MyBooooook page, so that we can get over all this nonsense about being persecuted for stuff everybody knows happens?

  • I'm not sure a tzar helps. The people on the front line are independant businesses selling cyber security and the military. The two do not meet openly so the position is merely cerimonial.

    • by BobMcD ( 601576 )

      I'm not sure a tzar helps. The people on the front line are independant businesses selling cyber security and the military. The two do not meet openly so the position is merely cerimonial.

      Of course a T zar wouldn't help. That's a Soviet idea. We're talking about C zars here...

      • by dbIII ( 701233 )
        They are exactly the same thing and a Russian Imperial thing and not Soviet (the Tsar is the one they revolted against). It is really just two different spellings of Caesar, altered by a different character set and a couple of thousand years.
        It's a pretty silly title anyway for the head of a group of advisors to an elected government. I suppose they couldn't use the standby of "VP of whatever" for a title back when Nixon or whoever started using it in the USA.
  • by byrdfl3w ( 1193387 ) on Monday December 14, 2009 @03:54PM (#30435326) Journal
    ..won't have any statutory authority. It won't have any budgetary authority. But it WILL have FarmVille.
  • by surmak ( 1238244 ) on Monday December 14, 2009 @03:56PM (#30435344)
    See his blog post [schneier.com]
    • For the record, I [Bruce Schneier] was never approached. But I would certainly decline; this is a political job, and someone political needs to fill it.

      He went on to note that he wouldn't even need to be physically present in order to carry out the duties of the position. In fact, he's already carrying them out every morning while he eats breakfast [schneierfacts.com] and reads the paper, hence the position remaining apparently vacant for all this time.

  • That position is a blame-taking position,' Spafford said."

    Someone who's actually paid to be the goat.

    I can do that! Were can I get a job like that.

    • That position is a blame-taking position,' Spafford said."

      Someone who's actually paid to be the goat.

      I can do that! Were can I get a job like that.

      Almost any computer/IT/network/[yourtermhere] security position in a Fortune 500 company would fit the bill.

    • That position is a blame-taking position,' Spafford said."

      Someone who's actually paid to be the goat.

      I can do that! Were can I get a job like that.

      Seems like just about any IT position would qualify...

  • Puppet (Score:4, Funny)

    by Rivalz ( 1431453 ) on Monday December 14, 2009 @03:59PM (#30435392)
    A real security czar would be the man or woman behind the curtain. With a limp, a raspy voice, and insist that they are always watching us watching them watch other people who watch Ebay watching people selling watches trying to find the best watch to buy. Even when the security czar knows that everyone just uses cell phones now instead of watches. Thats why he must watch the watch watchers.
  • by recharged95 ( 782975 ) on Monday December 14, 2009 @04:06PM (#30435450) Journal
    "It won't have any statutory authority. It won't have any budgetary authority. That does not give it much authority of any kind"

    Kinda represents the majority of IT departments in big corporations.
  • by elrous0 ( 869638 ) * on Monday December 14, 2009 @04:07PM (#30435466)

    Tom Ridge [wikipedia.org] was nothing but the designated fall guy at the Dept. of Homeland Security, but he managed to parlay it into a book deal and a ton of great press. Not bad for a guy who had formerly been an almost completely unknown governor of a minor state. You think anyone would have given a rat's ass about his memoirs if he had turned that job down?

    If you can be a fall guy who manages to get out BEFORE the fall, there is real money and fame in it.

  • by jdogalt ( 961241 ) on Monday December 14, 2009 @04:07PM (#30435468) Journal

    Anyone else (unemployed and looking like me) feel like a disturbing portion of the job market is constituted of 'blame taking positions'?

    It's probably paranoia, but I feel like the businessworld is composed of corrupt people who will lie and bullshit, and then the poor saps that get stuck with the 'blame taking positions'.

    In my youth, I had naive libertarian beliefs about talented and competent people winning out in the free market against those types. Now that I've witnessed the naked annihilation of even the illusion of capitalism, via the bank bailouts... I just have no real hope that there is any way to make a living without either being one of those bullshitters, or poor blame taking saps. I guess the honorable thing is to just accept a sequence of blame taking jobs, and survive and get fed until we see a better age.

    • by NoYob ( 1630681 )
      I had naive libertarian beliefs about talented and competent people winning out in the free market against those types.

      Sure they talent and were competent - at bullshitting.

      Oops. I hope I didn't add to your despair. I have found a cure for that - see sig.

    • There is another way -- you have to provide a service (or product) people want at a price that helps other people. The problem with being a bullshitting parasite is if you are one, you are incompetent. A company that gets filled with these types of people in the end will be filled with people who are incompetent. As a result, you will not be able to provide as good a service as other people.

      Sure, it is true the banks managed to get their bailout through lucky lobbying, but unless they change what they a
      • by khallow ( 566160 )

        Sure, it is true the banks managed to get their bailout through lucky lobbying, but unless they change what they are doing, they will fail again, and smart people are already working on ways to make sure they don't get bailed out another time.

        I have some predictions to make here: 1) these banks will fail again, 2) they'll get their bailouts again through "lucky" lobbying, and 3) the smart people will once again be ignored.

      • Tell that to Philo Farnsworth. You forgot a step.

        "Invent something great," have a few million on hand to defend your patent, "and you will do fine."

        • Farnsworth did fine. If you have the good idea, venture capital will find you. Unless you have horrible social skills. Then you'll need to work on that.
          • OK, now we have more steps:

            1. Invent something great.
            2. Have millions to defend your patent.
            3. Have millions to beat the vulture capitalists away from your baby.
            4. Have a mother on the board of IBM and a father as a partner in one of the nation's most powerful law firms.
            5. Acquire the social connections to market your product.
            6. Profit.

            Bonus reading: The cheerful history of Edison and Tesla, and why virtue does not always win, even when Mickey Rooney plays you in the movie.

    • In my youth, I had naive libertarian beliefs about talented and competent people winning out in the free market against those types. Now that I've witnessed the naked annihilation of even the illusion of capitalism, via the bank bailouts... I just have no real hope that there is any way to make a living without either being one of those bullshitters, or poor blame taking saps.

      Oh, cheer up. It's nearly Christmas! :-)

      I guess the honorable thing is to just accept a sequence of blame taking jobs, and survive and get fed until we see a better age.

      Maybe some universities will start offering that as a major.

    • It's plenty well possible to [i]make a living[/i] without being a corrupt businessperson who feasts upon the lives and souls of the working class, it's just extremely difficult to become immensely financially successful.

      The trick, then, is to be happy with a comfortable lifestyle. Make enough money to ensure you and your family have a good life, make some smart choices with your savings, and be lucky enough to not work for a company that steals everything from you when it fails.

    • Anyone else (unemployed and looking like me) feel like a disturbing portion of the job market is constituted of 'blame taking positions'?

      It's probably paranoia, but I feel like the businessworld is composed of corrupt people who will lie and bullshit, and then the poor saps that get stuck with the 'blame taking positions'.

      In my youth, I had naive libertarian beliefs about talented and competent people winning out in the free market against those types. Now that I've witnessed the naked annihilation of even the illusion of capitalism, via the bank bailouts... I just have no real hope that there is any way to make a living without either being one of those bullshitters, or poor blame taking saps. I guess the honorable thing is to just accept a sequence of blame taking jobs, and survive and get fed until we see a better age.

      What you want is a manufacturing job of some sort. A job where you can actually point at an object and say I made that.

      Service sort of works for this as well... Except that it's very easy to wind up in a service position where your customers are blaming you anyway. Manufacturing generally results in an object that either does what it is supposed to, or doesn't - and there isn't typically a whole lot of room for shifting blame.

      Now, I'm not necessarily suggesting that you get a factory job - though there's

      • "Or point at a person who was either served or not."

        Whores: keeping the American Dream alive.

    • In a world where it's cheat or be cheated, it's hard to choose.

    • the naked annihilation of even the illusion of capitalism, via the bank bailouts

      Free markets tend to lead towards capitalism, but it is not the same thing as capitalism. Those banks that received bailouts are still making capital investments and are able to make their living doing nothing but investing. That is the definition of capitalism.

    • Your beliefs were right, they just don't exist in reality.

      I still hold forth that a free (libertarian) society provides the best opportunity for all people.
      Every other system has some ruling class that gets to sit on its laurels.

      That said, we do not live in a free society.
      Wall-street is not the free market.
      The healthcare system is not free market.
      Transit is not the free market.
      Government is not the free market. ... ...

      So yeah, if you want a job, you either have to go into a free market part of the economy (

    • by khallow ( 566160 )

      In my youth, I had naive libertarian beliefs about talented and competent people winning out in the free market against those types. Now that I've witnessed the naked annihilation of even the illusion of capitalism, via the bank bailouts... I just have no real hope that there is any way to make a living without either being one of those bullshitters, or poor blame taking saps. I guess the honorable thing is to just accept a sequence of blame taking jobs, and survive and get fed until we see a better age.

      Out of curiosity, did those naive libertarian beliefs ever get invalidated? Or are you glum because the problem is a bit harder than you thought?

  • directly or indirectly -- on our system of information networks. They are increasingly the backbone of our economy and our infrastructure; our national security and our personal well-being."

    And despite it all, he is totally unwilling to tell us we have the right to access. Just more bla bla bla..

  • by thrillseeker ( 518224 ) on Monday December 14, 2009 @04:19PM (#30435620)
    My coworkers are always volunteering me ... I'm (modestly) that good!

    Here's a photo of me on the job: http://www.frogview.com/uploadimages/45f9f6b1c0ed04.86765571frogview-gallery.jpg [frogview.com]
  • It could be my chance to move out of my mom's basement!
  • by synthesizerpatel ( 1210598 ) on Monday December 14, 2009 @04:21PM (#30435640)

    The assertion that this is a 'blame taking' job is unfounded, that it doesn't have statutory or budget authority is peripheral to what the role should be, and frankly somewhat insulting that the umbrage taken with it by 'the experts' is that it's a role that has no teeth.

    It's a job where the President consults you for your opinion and takes action based on your advice. Boo hoo you don't have any authority or a budget. Any consultant that is hired on to a tech firm is in the same boat.

    Also, yeah, I can understand why many security people have turned this job down. Because they're more interested in money than civil service -- how the hell is that a surprise?

    • by rudy_wayne ( 414635 ) on Monday December 14, 2009 @04:51PM (#30436008)

      It's a job where the President consults you for your opinion and takes action based on your advice

      Wrong. In 2008 Candidate Obama said he would create a postion reporting directly to him. This year, President Obama created a position of "Cybersecurity Coordinator" which is a low level position reporting to OMB (Office of Management and Budget) and NEC (National Economic Council). In other words, the person in this new position will spend their time writing reports which will then go to the bureaucrats in OMB and NEC who will stamp the reports as "too expensive in these tough economic times".

      Little or no information will ever reach the president. And even if it does, so what. It will be up to congress to allocate resources. Good luck with that.

      • by BobMcD ( 601576 )

        Little or no information will ever reach the president. And even if it does, so what. It will be up to congress to allocate resources. Good luck with that.

        And even if it did get so far, with all the big ticket items on the agenda you'd be screwed anyway. How is cyber security going divert money and effort away from healthcare reform, the war in Afghanistan, the war in Iraq, and the yet-to-be-released war in Iran? Now maybe if we put our war mongering away and rattled e-sabers instead this would be a good job to have. Short end of that is, though, that this absolutely will not happen in the next 2 years. And after that there's the election cycle where it s

      • by Ma8thew ( 861741 )
        My guess is that he has now realised that he hasn't got the time to have another person reporting to him.
    • Re: (Score:3, Interesting)

      by Stradivarius ( 7490 )

      It's a job where the President consults you for your opinion and takes action based on your advice.

      I suspect only the first part of that statement is really true, which is why this isn't a good job for those who want to actually solve the problems, not just pontificate on how one could solve the problems. I say this because:

      1. Fundamentally cyber is not a Presidential priority at this time. Jobs, health care, global warming, education - those are the things the President will be judged on, and thus what he is going to prioritize. Your advice will likely be heard, but it is unlikely the power of the pr

    • As a rebuttal, when was the last time a "czar" position appeared with no statutory or budget authority attached?

      However, the idea of a Cybersecurity Czar seems ineffective to begin with (remember DHS). A Cybersecurity Committee with mandatory quarterly/biannual face-to-face meetings with the POTUS seems more useful. The committee can concentrate on giving status updates and a high-level cost-benefit analysis that the POTUS could understand, while the POTUS would simply decide for or against.

      It'd be cheaper

    • You're not too familiar with what a "Blame taking job" really is, are you?

      This is basically a rehash of the old "intelligence Czar" fiasco. The position was supposed to bring all the various intelligence agencies in America together to prevent another intelligence failure like 9/11, but since the Czar didn't have any statutotry or budgetary authority, his decisions and recommendations could simply be ignored by anyone beneath him.

      Since the various intelligence agencies would have already taken any advice t

  • We don't need a "czar", we need a new military branch. I am not aware of ANY real and lasting contribution any "czar" has ever made in the United States. The first drug czars came close... if you call that a contribution, but from everything I've seen, they're basically PR and cheerleaders, and don't have much authority or get much done.

    If we're serious... and I mean really serious... we need a branch of the military to do the heavy lifting. We don't need to start this in a big way, but we need the securi

  • I'm tellin' ya... (Score:3, Interesting)

    by Quiet_Desperation ( 858215 ) on Monday December 14, 2009 @04:40PM (#30435844)
    ...Leo Laporte is *the* man for the job.
  • You must be new around here... Almost everything we do is worthless.
  • Czar logic (Score:5, Funny)

    by The Archon V2.0 ( 782634 ) on Monday December 14, 2009 @04:51PM (#30436010)
    So, if a drug czar tries to stop drugs, does a cybersecurity czar stop cybersecurity?

    But the drug czars have failed to stop drugs, so therefore a cybersecurity czar would improve cybersecurity!

    I finally understand government logic!

  • Comment removed based on user account deletion
  • Good - The last thing we need is for this or any similar position to have some real authority; it's likely only going to be a matter of time before anonymity and freedom online are ruined in the name of "security" anyways.

  • But a lot of us saw this a mile and a-half away. There are a lot of people involved close-up with POTUS' CyberSecurity initiative, and I had the honor of meeting one of the top brass in October. As excited as the people on the advisement staff seem or seemed to be, I could not shake the perception of trepidation in the voice and comments of the presenter. I even queried him about the "CyberSecurity Czar" (or "Director," as it is preferred to be called) and received a fairly vague answer with little notio

  • ... and many others, come to think of it.

  • an "organizational attenuator".

    Someone has to dampen energy that might elsewise get into the mechanisms that matter to the the alphas.

What this country needs is a good five cent nickel.

Working...