Top Cyber-Security Post Is Filled

By Brian Krebs
Monday, September 18, 2006; 6:40 PM

The Department of Homeland Security on Monday announced that a technology industry lobbyist will become the nation's top cyber-security official, filling a key post that has been vacant since Congress created the position more than 14 months ago.

Greg Garcia, the vice president of information security policy and programs for the Information Technology Association of America, will become the first-ever assistant secretary for cyber-security and telecommunications.

In a written statement, DHS Secretary Michael Chertoff said "Greg brings the right mix of experience in government and the private sector to continue to strengthen our robust partnerships that are essential to this field." Garcia did not return calls seeking comment.

Garcia will oversee DHS's implementation of the "National Strategy to Secure Cyberspace ," a far-reaching blueprint for securing the nation's most critical information networks and for crafting a disaster-recovery and response plan in case of a major cyber-attack or other massive malfunction.

The strategy, first released in early 2003, envisions strong industry and government collaboration should an attack or malfunction disrupt the information systems that control the most vital information networks --- such as those that control regional telecommunications, water and power systems.

Insufficient progress has been made in meeting those goals over the past three years, according to a DHS report released last week summarizing the results of "Cyber Storm," a four-day exercise designed to test how nimbly industry and the government would respond to a concerted cyber attack on key information systems. The report suggested that government and private-sector participants had trouble recognizing the coordinated attacks, determining whom to contact, and organizing a response.

"I think Cyber Storm showed that we really haven't made that much progress in figuring out how we'd respond if something bad like this does happen," said James Lewis, director of technology and public policy at the Center for Strategic and International Studies, a think tank located in Washington, D.C. "With just two and a half years left, this administration is on a tight timeline to get anything done here... . But Greg is a great pick and should be able get things up and running at a good pace."

Past candidates for the post have been criticized by industry groups either for not having enough clout in Washington or not enough experience in the private sector. Garcia's experience in both worlds -- he served several years as a congressional staffer and as head of the Washington office for 3Com Corp., a Santa Clara, Calif.-based networking equipment company --- makes him an ideal choice for the job, said Shannon Kellogg, director of government and industry affairs at RSA, the security division of EMC Corp.

"He's a solid choice and will do a good job," Kellogg. "At the same time, it's important for him not to go in there and try to boil the ocean. He needs to choose three or four key priorities on cyber and work to move those forward."

The DHS cyber-security post was originally assigned to a lower hierarchical rung when the agency was first created in 2003. Three former top cyber-security officials resigned, and two complained publicly about their lack of authority, prompting Congress to elevate the position to the assistant secretary role last year.

© 2006 The Washington Post Company