washingtonpost.com  > Technology > Tech Policy > Security

Purdy Tapped as Cyber-Security Director

By Robert MacMillan
washingtonpost.com Staff Writer
Thursday, October 7, 2004; 9:15 AM

The Department of Homeland Security has filled the nation's top cyber-security post after the previous chief abruptly resigned last week in a move that raised questions about the Bush administration's commitment to protecting U.S. computer networks from electronic threats.

Andy Purdy, who served as deputy cyber-security director under former National Cyber Security Division head and security industry entrepreneur Amit Yoran, will act as interim director, according to an e-mail written by Robert P. Liscouski, the department's head of infrastructure protection.

_____Related Coverage_____
Report Faults Cyber-Security (The Washington Post, Jul 23, 2004)
U.S. Goals Solicited On Software Security (The Washington Post, Apr 2, 2004)
Cyber-Security Coordination Lacking, Senators Contend (The Washington Post, Feb 25, 2004)
Top U.S. Cyber-Security Official Resigns (The Washington Post, Oct 2, 2004)
New Windows Patch Proves Tricky (washingtonpost.com, Oct 1, 2004)
How to Protect Your PC Against the Latest Microsoft Flaw (washingtonpost.com, Oct 1, 2004)
More Security News

Purdy has been a member of the cyber-security division since it was set up in 2003, and was the vice chairman and senior adviser on information technology issues for the President's Critical Infrastructure Protection Board. Before that, he was a member of the U.S. Sentencing Commission. He graduated from the College of William and Mary and the University of Virginia Law School, and also worked as a producer for NBC and CBS news programs.

Purdy declined an interview request.

Homeland Security spokeswoman Michelle Petrovich said that "Cyber-security will continue to be a priority of the Department of Homeland Security and we plan to move quickly to fill the position with someone who has demonstrated leadership in this important field."

Purdy moves into his new role at a time when many cyber-security authorities say the Bush administration has come up short in its commitment to protecting the nation from computer viruses and other electronic attacks. Industry officials and security experts said he is a good fit for the job, but that the position needs more authority in order to make a difference.

"We've worked with Andy for a number of years. ... He's a very smart guy and very talented," said Harris Miller, president of the Information Technology Association of America, an Arlington, Va.-based lobbying firm. Nevertheless, Miller said, the job "needs to be elevated."

"Andy is a terribly nice guy and will obviously try to do the best thing, but without authority and without the ability to reach up into [the department] and to reach out among other federal agencies as a more senior person, it's going to be difficult for him to do the job," said Paul Kurtz, executive director of the Cyber Security Industry Alliance and a former White House computer-security official.

This is a problem that industry executives and former government officials said contributed to Yoran's decision to resign last week. Yoran became director of the cyber-security division in September 2003 after the previous White House adviser, Howard A. Schmidt, resigned in April to become the head of security at online auction company eBay Inc. Schmidt succeeded Richard A. Clarke, who had stepped down three months earlier, warning that the administration needed to take online security more seriously.

Yoran, who declined to comment for this story, was in charge of implementing the recommendations in the administration's national cyber-security plan, a document that received criticism from a variety of sources for failing to require the business community to strengthen its online security. He also oversaw the creation of the U.S. Computer Emergency Readiness Team, which coordinates efforts to fight online network attacks.

Nevertheless, the problem with the position is that it is too far down the chain of command from Homeland Security Secretary Tom Ridge, said Rep. Mac Thornberry (R-Texas), who along with Rep. Zoe Lofgren (D-Calif.) sponsored a House bill to revamp the nation's intelligence structure and elevate the cyber-security position.

The position answers to Liscouski, who in turn reports to department Undersecretary Frank Libutti. There are two bills in Congress that would elevate the director's position to an "assistant secretary" position, on par with Liscouski, but Congress has not approved either. The House is scheduled to vote on Thornberry's and Lofgren's bill tomorrow, but the measure faces tough opposition, including from some members of the 9/11 commission that issued the original recommendations.

"This is one of those steps that a conservative Republican and a liberal Democrat who've worked on this issue for the past couple of years think needs to be taken, in part to elevate the position [and] in part to elevate the issue so it just doesn't get buried," Thornberry said.

Although there has been little evidence to support their assertions, many experts say the Internet remains vulnerable to incidents of "cyber-terrorism," including the possibility that terrorists could take advantage of network connections to manipulate or damage the electronic systems that run the nation's water and power grids.

© 2004 TechNews.com