White House's Cybersecurity Guy Proud Of His Lack Of Cybersecurity Knowledge Or Skills

from the say-what-now? dept

You don't have to be a coder to really do well in this position. In fact, actually, I think being too down in the weeds at the technical level could actually be a little bit of a distraction..... You can get taken up and sort of enamored with the very detailed aspects of some of the technical solutions. And, particularly here at the White House... the real issue is to look at the broad, strategic picture and the impact that technology will have.

But the other issue in my mind is that at a very fundamental level, cybersecurity isn't just about the technology but it's also about the economics of cybersecurity. Why companies choose to invest the way they invest. It's about the pscyhology of cybersecurity. You know, one of my sayings is that 'expediency trumps cybersecurity every time' meaning that people will prioritize convenience over being secure many times. So you need to have the understanding of those kinds of factors: the psychology, the economics, the broad policy, the politics with a little p, in addition to the technology. So you need to be more of a generalist than having a lot of expertise particularly in the technological side.

There are a few [challenges] that I can identify. One is that we don't actually truly understand the economics and psychology behind cybersecurity. We know that a huge number of intrusions rely on known fixable vulnerabilities... We know that intruders get in through those holes that we know about that we could fix. The question is, 'Why don't we do that?' That clearly leads me to the conclusion that we really don't understand all of those economics and psychology well enough.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

So we were just writing about how the White House appeared to be going with a security by obscurity tactic in denying an Associated Press FOIA request concerning the security behind Healthcare.gov. Specifically, the request was denied because the White House claimed that revealing such info might help hackers. As we noted, if revealing the basic security plan you're using will help hackers, then you're not secure and chances are you've already been hacked.Of course, perhaps the reason why the cybersecurity is so awful is because the White House's "cybersecurity coordinator," Michael Daniel, not only isn't a cybersecurity expert but thinks that's a good thing . II was joking. After spending a few minutes talking about all his training at Princeton and the Kennedy School at Harvard taught him to communicate well and "break down problems" he dismisses the need for actual technical knowledge.Now there is some truth to the idea that it's important to be able to look at the bigger picture, but when you're talking about cybersecurity, part of the way that you can look at the bigger picture is tothe technology. That's not "a distraction" it's part of the core andknowledge to then do the job of a cybersecurity coordinator. People who don't spend much time with these things view cybersecurity and technology as a kind of "magic." But it's not. Nor is technology economics, but Daniel thinks it is:Yes,to the technology. All of those thingsimportant, but they're mostly useless if you don't understand the underlying technology. He's then asked what are the biggest challenges and... after talking about how important it is to understand the psychology and economics (more important than the technology) he admits that he doesn't actually understand the psychology and economics. Because, apparently, he wants to make sure that he has none of the job qualifications for the job.So there you have it folks. The White House's cybersecurity expert doesn't have the technological expertise, but insists it's okay because he's focused on the economics and psychology of the fact that people don't patch their computers -- and then admits he has no idea why that happens.This doesn't make me feel any safer.

Filed Under: cybersecurity, cybersecurity coordinator, michael daniel, skills, white house