Greg Garcia: White House Staying the Cybersecurity Course
June 12th, 2009 by JD Kathuria
Greg Garcia
ExecutiveBiz: What is your cyber security background and what are you doing now?
Greg Garcia: I was the first presidentially appointed Assistant Secretary of Cyber Security and Communications from 2006 to 2008. Prior to that I was the Vice President at the Information Technology Association of America for their cyber security program, and spent a year and a half on Capitol Hill on the House Science Committee staff. The first Bill that I ever wrote (and helped shepherd to passage) was the Cyber Security R&D Act of 2002 which provided funding for basic research in Cyber Security. I founded Garcia Strategy, LLC which is a strategic advisory consulting firm devoted to cyber security and communications for both large and small companies. I have been on the cyber security mission pretty much full time since 2001.
”Governing in this way is really an art…whoever has the brush can either create a Jackson Pollack or a Mona Lisa. They need to strike that balance.” -Greg Garcia
ExecutiveBiz: What is your feedback on the President’s announcement of a Cyber Coordinator?
Greg Garcia: The Cyber Coordinator can be a very useful position. It needs to be somebody who has extensive executive business experience and understands the cyber mission from a business and specifically investment standpoint. The person needs to have government experience and understand how to navigate the bureaucracy and the politics of a complicated mission. The person also needs to have international credibility. Cyber security is an international issue that respects no specific borders because the Internet respects no borders. Like everyone, I’m interested to see who it will be; my caution is that the person not be a micromanager. The current agencies that are responsible and have authority for doing cyber security should be empowered to do the job; the Cyber Czar should be the coordinator, traffic cop if you will. Governing in this way is really an art so as I said before; whoever has the brush can either create a Jackson Pollack or a Mona Lisa. They need to strike that balance.
ExecutiveBiz: Is the Obama Administration building upon what you were doing with the Bush Administration or has President Obama taken cyber security in a new and different direction?
Greg Garcia: The biggest difference is that President Obama is taking a personal interest, starting with a speech dedicated to the issue. However I would say looking at the sixty day review, for those who have been aware and involved in this process over the past five years, the sixty day review is staying the course; and that it is an affirmation of all of the work that has been done up to this point. Those who have not been aware, who have not been a part of this process may see this as something new and exciting; it is not. It is clearly affirming all the work that the Homeland Security Department and many of the other agencies have been doing in cyber security for years. The fact that it is validated with the attention of the President is a very positive development.
ExecutiveBiz: With what you saw working on the issue for so many years, can you talk about the line between civil liberties and privacy as it relates to cyber security?
Greg Garcia: That is an issue the Bush Administration took very seriously, and indeed, for every monitoring relationship that the Department of Homeland Security has with other agencies, such as monitoring network traffic, there was always a privacy impact assessment in place. It is important to distinguish that when we talk about cyber security we are really talking about the ones and zeroes, the computer language that brings down networks and is able to steal information. It is not the text in the email that can cause damage to computers and computer networks. We need to make that distinction. We are monitoring malicious computer code, not people’s emails.
ExecutiveBiz: Can you talk about the role of contractors and the private sector and their role in solving the cyber security challenge.
Greg Garcia: Contractors are an important resource for the federal government; they tend to be up to speed on the latest innovations. Through the contracting process the government is able to surge its employment capacities and relax that capacity of when the mission is being fulfilled. The expertise that the contractors bring is a good resource across the federal government. We need to watch, however, the extent to which the contractors’ computer networks are interconnected with the federal networks, an issue we have seen in defense contracting. The contractors need to provide assurances that they are exercising a robust security practice and using robust security technology to protect any sensitive federal data that happens to be traversing their networks or stored on their networks.
ExecutiveBiz: The Wall Street Journal recently talked about the Defense Industrial Base or the DIB; what are your thoughts on the DIB itself and was that a successful program?
Greg Garcia: Yes, it is certainly an ongoing concern. It is an issue of determining the best standards of practice contractors need to employ to protect sensitive federal and government defense information. That very process requires the development of trust. The challenge in cyber security is to develop trust relationships between the federal government and the private sector to ensure that we can share the kind of information that is actionable, that is real-time, and that is coordinated. This project is an important one; it is just a matter of ensuring that we turn talk into action and into measurable results.
