DHS names cybersecurity czar
Gregory Garcia will be responsible for coordinating the government’s IT security policies.
The Homeland Security Department announced the appointment of a cybersecurity chief Monday, more than 14 months after the position was created.
Gregory Garcia, vice president of an information technology trade group and a former lobbyist and Capitol Hill staffer, will serve as the department's first assistant secretary for cybersecurity and telecommunications. The position does not require Senate confirmation.
A DHS spokeswoman said the department is negotiating with Garcia on his official start date, which likely will be in early October.
DHS Secretary Michael Chertoff said in a statement that Garcia brings the right mix of experience in government and the private sector to strengthen the agency's partnerships. Chertoff also said Garcia has the necessary expertise to focus resources in a manner consistent with DHS' risk-based approach to homeland security.
Garcia is the Information Technology Association of America's vice president for information security policy and programs, a position he has held since 2003. He also serves as the secretary for the IT Sector Coordinating Council, a group that serves as a point of collaboration between DHS and industry. He helped found the National Cyber Security Partnership, a government, academic and industry partnership.
Previously, Garcia worked for the House Science Committee and helped draft the 2002 Cyber Security Research and Development Act. Prior to serving on Capitol Hill, he was head of the government affairs office for the computer network company 3Com Corp. He also has worked as a lobbyist for Americans for Computer Privacy and the American Electronics Association. He graduated from San Jose University in 1985 with a bachelor of science degree.
Members of Congress expressed satisfaction that DHS finally filled the position, created by Chertoff in July 2005 after legislation threatened to force the department to create the spot and nominate someone to fill it in 90 days.
Through a spokesman, House Government Reform Committee Chairman Tom Davis, R-Va., said he has no doubt Garcia has the skills and experience required for the position. But he expressed concerns about the nature of the position.
Saddling the department with the burden of coordinating the federal government's information security policies remains a questionable move, said David Marin, staff director for the Government Reform Committee. The Office of Management and Budget already performs this type of governmentwide coordination; placing this new authority in DHS creates a competing entity, Marin said.
The fact that it took DHS so long to fill the position, despite its elevated status, signals that the agency is ill-suited to assume the responsibility of coordinating governmentwide cybersecurity efforts, Marin said.
Amit Yoran, former director of DHS' National Cybersecurity Division, said policy issues arguably are the most important aspects for an assistant secretary to master.
"I think that you're going to get good decision-making out of him and be able to pull folks together," Yoran said. "He may not be debating cryptographic techniques or nuances of key management technologies, but on the other hand, that's not what you need out of your assistant secretary."
Yoran said Garcia's greatest challenges will be building support for his programs and educating senior level officials on the importance of cybersecurity.
Private sector groups also applauded Garcia's selection.
John Pescatore, vice president for Internet security at Gartner Inc., an information technology research and advisory firm based in Stamford, Conn., said Garcia can be most effective by making the government a "model citizen" in cybersecurity.
But a government source familiar with the situation, who requested anonymity, was more critical. Garcia was not the department's ideal choice, the source said, and a long-time government official with the "perfect background" was turned down for the position because "he was too abrasive." Garcia was a safe choice and will please the ITAA constituency on Capitol Hill, but he lacks the necessary management experience and has been "a policy geek" his entire career, the source added.
Chertoff has acknowledged that recruiting qualified experts from the private sector was difficult due to the low salary, financial divestiture requirements and laborious and sometimes unpleasant background checks.
Last week, Chertoff told the Senate Homeland Security and Governmental Affairs Committee that a number of candidates took themselves out of the running. "We had some false starts, I would say."
Avi Rubin, a computer science professor at Johns Hopkins University and technical director of the Information Security Institute, said not only are government salaries drastically lower than private sector salaries, but the person filling the position has a high chance of becoming a scapegoat.
"There's no way to plug all the holes … if things go very wrong, you're blamed," Rubin said.