Skip to Content

Cyber Security’s Cassandra Syndrome

A proposal to create a senior-level cyber security position at the Department of Homeland Security is killed at the eleventh hour. Why is this issue such a problem for the Bush administration?
December 10, 2004

The big news surrounding the passage of the Intelligence Reform Act this week was the creation of a new, top-level intelligence director position, which will oversee all aspects of intelligence gathering and dissemination in the U.S. government.

But the technology community was calling foul at the elimination of another proposed high-level post. During last minute, “mercurial” conference sessions, a provision that would have created an assistant secretary of cyber security within the Department of Homeland Security (DHS) was eliminated.

“The executive branch must exert more leadership” in this area, says a statement issued this week by the Cyber Security Industry Alliance, a Washington-based lobbying group.

Many hoped the post would help end the musical chairs nature of the current cyber security director position, which has been a problem since the Bush administration took office in 2000.

President George W. Bush appointed Richard C. Clarke to be the nation’s first cyber security “Czar”, but he resigned in frustration in February 2003. He was followed by Howard Schmidt, now the chief security officer at eBay, who also quit after two months. Most recently, the position was held by Amit Yoran, a former Symantec executive. But by then the position was a part of the DHS, and Yoran, reportedly frustrated by the lack of attention given to the issue, resigned in October after just one year.

No one doubts the necessity of protecting the nation’s airports and infrastructure, but the topic of cyber security doesn’t require a senior-level post says the DHS, which requested the excision, according to Harris Miller, president of the Information Technology Association of America (ITAA).

“We’re still examining respective options for reorganization,” says Katie Mynster, a spokesperson for DHS.” [But] regarding that position specifically, we continue to believe that the integration of physical and cyber security within the Infrastructure Protection Directorate is the best method to protect the nation’s infrastructure.”

Security observers fear that with the elimination of the assistant secretary proposal, cyber security could slip further down the mindshare and budget priority list. Miller says that because the assistant secretary position is a political appointee-level post, requiring congressional approval hearings, it carries far more heft than the current staffing level.

But there’s a more practical consideration as well, Miller says. The assistant secretary position is two people removed from the president’s ear, instead of the five that exist now.

“Unless you’re a senior person, it’s tough to meet other senior people. It’s harder to get face time,” says Miller.  “Washington is all about clout, real and perceived.”

Technology industry organizations on the hill that opposed the position’s elimination fear that without a senior-level person pushing for budgets and awareness, the nation risks a critical infrastructure attack, one that could cost multiple billions of dollars and possibly lives.

Right now, much of the discussion around cyber security involves hackers shutting down websites and stealing personal information. But with networked sensors and software-based operations at our nation’s power plants, petroleum refineries, and other critical locations, cyber-security proponents fear that someone might try to gain access to these points as part of a larger, coordinated attack with terrorism – not hacker hijinx – as a motive.

Further complicating the issue is the wide variance in security awareness among different industries and sectors. The finance industry, for example, is very much attuned to the issue of cyber security, whereas the agriculture, energy, and education sectors either don’t have the budget or don’t think the topic is a problem. Proponents say government-led initiatives, shepherded by an assistant secretary-level position, could help educate industries and the public, and work to protect against cyber attacks.

“The message the Department of Homeland Security is sending is that cyber security just isn’t that high of a priority,” says Miller.

Keep Reading

Most Popular

DeepMind’s cofounder: Generative AI is just a phase. What’s next is interactive AI.

“This is a profound moment in the history of technology,” says Mustafa Suleyman.

What to know about this autumn’s covid vaccines

New variants will pose a challenge, but early signs suggest the shots will still boost antibody responses.

Human-plus-AI solutions mitigate security threats

With the right human oversight, emerging technologies like artificial intelligence can help keep business and customer data secure

Next slide, please: A brief history of the corporate presentation

From million-dollar slide shows to Steve Jobs’s introduction of the iPhone, a bit of show business never hurt plain old business.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.