Bruce Schneier says No Cyber Czar

May 14th, 2009

Just finished reading a blog over at Digital Underground saying that Bruce Schneier says we don’t need a cyber czar. I couldn’t disagree with Mr. Schneier more! His criticism is:

"Really what I think is it shouldn’t be anybody. We do better without a top-down hierarchy. Our economic and political systems work best when there isn’t a dictator in charge, when there isn’t one organization in charge. My feeling is there shouldn’t be one organization in charge. Not only shouldn’t it be the NSA, it shouldn’t be anybody."

I believe in federalism, but I don’t think that will work with cyber security. The problem isn’t with a central authority like a cyber czar. The problem is the lack of a mandate to make the government networks/applications secure. In my experience, people are more worried about security taking too long to implement and getting blamed for vulnerabilities. If Obama appointed a cyber czar and at the same time signed an executive order mandating that all government networks/applications meet a central standard in a reasonable amount of time, our cyber readiness would be much better. That mandate couldn’t be ignored…

In the comments of the above post, one topic being discussed is that IT workers should be certified like engineers or architects. This is an interesting concept, but I’m skeptical of how much this will help. I know of many projects that were certified by a Professional Engineer (PE) that had design issues. PEs are still human…

 
