Melissa Hathaway

The Obama administration was expected to name a Cyber Czar and release a cyberspace policy review last Friday.   The administration released the 76-page “Cyberspace Policy Review”  as expected.   Unexpectedly, the administration did not name a “Cyber Czar.”  Melissa Hathaway, acting senior director for cyberspace at the National Security Council and the author of the review has been touted as a front-runner for the position, and here are some other contenders:

• Scott Charney, corporate VP of Microsoft’s Trustworthy Computing (TwC) Group.  This would be the second time Obama appoints a Microsoft executive to a high-level advisory position, having already appointed Microsoft Executive Craig Mundie to PCAST.
• Roger W. Cressey, former Chief of Staff to the President’s Critical Infrastructure Protection Board, and former Director for Transnational Threats on the National Security Council, where he managed the U.S. Government’s response to the Millennium terror alert, the USS COLE attack, and the September 11th attacks. He is currently a partner at Good Harbor Consulting, LLC
• Paul Kurtz, founding Executive Director of the Cyber Security Industry Alliance (CSIA), former member of the Homeland Security Council (HSC) where he formulated the international component of the National Strategy to Secure Cyberspace.  He is currently a partner at Good Harbor Consulting.
• Rear Admiral Robert C. “Willie” Williamson, USN (RET) joined Raytheon, Network Centric Systems in March 2004.  Currently, Willie is the vice president of International Programs for Integrated Communications Systems (ICS).

The review, praised by some industry advocates, is similar to the Bush administration’s 76-page National Strategy to Secure Cyberspace.  The biggest change is that cybersecurity will be centralized under the White House rather than the Department of Homeland Security.

Whoever Obama names, they will work closesly with recently-confirmed Federal CTO Aneesh Chopra and CIO Vivek Kundra to secure and streamline national data networks.

Zen and the Government Contracting Industry

Lakers coach Phil Jackson applies a Zen perspective to his management.  With questions like “What is the sound of one hand clapping?” ancient Zen Masters tried to communicate to their students that there are no easy answers and today’s IT contracting experts have picked up where the Masters left off.

 Microsoft and Google Search Engine Competition Escalates

Microsoft’s new search engine, “Bing” launched Monday.  New features include an ”explorer pane” summarizing content of individual search results and a related search window that turns up useful information instead of advertisements.  In a world where Google is ubitquitous enough to be added to the Merriam-Webster dictionary, the conflict might seem a foregone conclusion, but Bing’s simple layout, and Google-rivalling speed and user-friendliness might carve Microsoft a slice of Google’s market-share.

Google fired back, announcing that its free Android operating system will power a new generation of laptops, trying to crack the foundation of Microsoft’s 90% market share in personal computer operating systems.  Industry experts say that Android’s freeware status could force Microsoft to lower the price of the upcoming Windows 7 operating system.

Which is better?  You decide.

Chertoff to Speak at Potomac Officers Club on July 16

Register here.

As any Lakers fan knows, Zen philosophy has important management applications.  Ancient Zen masters were famous for their kōan, often-perplexing one-liners “What is the sound of one hand clapping?”  Perhaps these ancient teachers were trying to communicate to their students that there are no easy answers and maybe today’s IT contracting gurus have picked up where they left off.

We’ve scanned our archives and come up with this collection of memorable quotes from our masters for those who seek enlightenment.

• “The mistake is to assume cybersecurity is a technical issue, not an influence problem.” – David Maxfield, author of Influencer

The master knows that security is more than firewalls and virus scans. Employees made hackers’ jobs easier in the 2005 NASA breach by using weak passwords like “administrator” or none at all.

• “People typically think of accountability as holding somebody accountable if something goes wrong. I think of it in the broadest sense: When somebody achieves something, they ought to be recognized.” – Tim Atkin, COO of SRA

The master understands that there are two sides to the coin of the human component.  Encouraging airtight IS habits is just as important as discouraging sloppy ones.

• “If you restrict yourself to a narrow focus there is the potential that you will miss out on some opportunities outside that area of expertise.” -Eric Wieman, VP of Civilian IT for Perot Systems

The master sees that the roulette wheel of profitability spins too quickly to place all of his chips on one square.  Diversify to reap the profits of progress.

• “Selling is not installing. Don’t worry about the fact that you might not have the capabilities to execute on a project today, go ahead and do the selling. Then if you are successful in developing that win, work on the execution.”  -Rick Marcotte, CEO of DLT Solutions

The master always puts one foot before the other.  Never over-commit, but in general, sell first and ask questions later.  Where there’s a contract, there’s a way.

David Maxfield, author of Influencer

Cybersecurity isn’t just a technical issue, it’s a matter of policy — and influence. So said Melissa Hathaway at a recent conference on the issue. “It takes a combination of strategies aimed at a handful of vital behaviors to solve weighty and persistent problems,” said Hathaway to an audience of information security professionals. In offering those remarks, Hathaway was borrowing a page from The New York Times best-selling book, Influencer. The book argues that peer pressure can harness the power of everyone to make change. How so? For answers ExecutiveBiz recently caught up with David Maxfield, one of the authors of Influencer. Here Maxfield offers his take on how to influence others on the cybersecurity front — and in other aspects of your life.

NYT Best Seller, Influencer

ExecutiveBiz: What’s one of the biggest mistakes people make in trying to influence the direction of cybersecurity?

David Maxfield: The mistake is to assume cybersecurity is a technical issue, not an influence problem. We’ve done a lot of research in the project management space, and we’ve found that when it comes time for implementation, snags in implementation are rarely due to technical issues. Moving forward involves policy and politics — and that’s where things get rough. If there is no alignment at the policy level, don’t expect technology alone to fix cybersecurity challenges.

ExecutiveBiz: How can you find common ground?

David Maxfield: My dad has a saying, “If something isn’t worth doing at all, then it certainly isn’t worth doing well.” So, begin by working to find mutual purpose — the mutual interest — that would motivate similar best practices.

ExecutiveBiz: Employees have been called the “weakest link” in cybersecurity. How can you influence them?

David Maxfield: First identify vital behaviors. In most situations — even when there’s a complicated dynamic going on — there are usually two or three behaviors that drive the majority of the change. Then define what it is you want your employees to do. Otherwise the request is too abstract. Read the rest of this entry »