[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Purdy Tapped as Cyber-Security Director



http://www.washingtonpost.com/wp-dyn/articles/A12240-2004Oct6.html

By Robert MacMillan
washingtonpost.com Staff Writer
October 6, 2004

The Department of Homeland Security has filled the nation's top
cyber-security post after the previous chief abruptly resigned last
week in a move that raised questions about the Bush administration's
commitment to protecting U.S. computer networks from electronic
threats.

Andy Purdy, who served as deputy cyber-security director under former
National Cyber Security Division head and security industry
entrepreneur Amit Yoran, will act as interim director, according to an
e-mail written by Robert P. Liscouski, the department's head of
infrastructure protection.

Purdy has been a member of the cyber-security division since it was
set up in 2003, and was the vice chairman and senior adviser on
information technology issues for the President's Critical
Infrastructure Protection Board. Before that, he was a member of the
U.S. Sentencing Commission. He graduated from the College of William
and Mary and the University of Virginia Law School, and also worked as
a producer for NBC and CBS news programs.

Purdy declined an interview request, referring calls to the
department's press office. A department spokeswoman did not return a
telephone call seeking comment.

Purdy moves into his new role at a time when many cyber-security
authorities say the Bush administration has come up short in its
commitment to protecting the nation from computer viruses and other
electronic attacks. Industry officials and security experts said he is
a good fit for the job.

"We've worked with Andy for a number of years. ... He's a very smart
guy and very talented," said Harris Miller, president of the
Information Technology Association of America, an Arlington, Va.-based
lobbying firm.

However, Miller added, the structure of the department should be
altered to give cyber-security a higher profile in the administration.

"I don't believe [the cyber-security post is] a good long-term
position," Miller said. "It needs to be elevated. We've said that
repeatedly."

Paul Kurtz, executive director of the Cyber Security Industry Alliance
and a former White House computer-security official, said, "It's hard
to find somebody in this town who doesn't get along with Andy," but
"it's the position, not the person, that counts."

"Andy is a terribly nice guy and will obviously try to do the best
thing, but without authority and without the ability to reach up into
[the department] and to reach out among other federal agencies as a
more senior person, it's going to be difficult for him to do the job,"  
Kurtz said.

This is a problem that industry executives and former government
officials said contributed to Yoran's decision to resign last week.  
Yoran became director of the cyber-security division in September 2003
after the previous White House adviser, Howard A. Schmidt, resigned in
April to become the head of security at online auction company eBay
Inc. Schmidt succeeded Richard A. Clarke, who had stepped down three
months earlier, warning that the administration needed to take online
security more seriously.

Yoran, who declined to comment for this story, was in charge of
implementing the recommendations in the administration's national
cyber-security plan, a document that received criticism from a variety
of sources for failing to require the business community to strengthen
its online security. He also oversaw the creation of the U.S. Computer
Emergency Readiness Team, which coordinates efforts to fight online
network attacks.

Nevertheless, the problem with the position is that it is too far down
the chain of command from Homeland Security Secretary Tom Ridge, said
Rep. Mac Thornberry (R-Texas), who along with Rep. Zoe Lofgren
(D-Calif.) sponsored a House bill to revamp the nation's intelligence
structure and elevate the cyber-security position.

The position answers to Liscouski, who in turn reports to department
Undersecretary Frank Libutti. There are two bills in Congress that
would elevate the director's position to an "assistant secretary"  
position, on par with Liscouski, but Congress has not approved either.  
The House is scheduled to vote on Thornberry's and Lofgren's bill
tomorrow, but the measure faces tough opposition, including from some
members of the 9/11 commission that issued the original
recommendations.

"This is one of those steps that a conservative Republican and a
liberal Democrat who've worked on this issue for the past couple of
years think needs to be taken, in part to elevate the position [and]
in part to elevate the issue so it just doesn't get buried,"  
Thornberry said.

Although there has been little evidence to support their assertions,
many experts say the Internet remains vulnerable to incidents of
"cyber-terrorism," including the possibility that terrorists could
take advantage of network connections to manipulate or damage the
electronic systems that run the nation's water and power grids.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/