Loss Of Cyber Expertise Is A Problem For Trump

Uploaded on 2017-08-21 in FREE TO VIEW, GOVERNMENT-National, NEWS-Cybersecurity News

The Trump administration has lost a handful of individuals serving in top cybersecurity roles across the federal government in recent weeks, even as it has struggled to fill top IT positions.

The developments present hurdles for the new administration and speaks to the longstanding challenge the federal government faces in competing with the private sector for top tech talent.

Among those resigning is Richard Staropoli, a former US Secret Service agent who served as chief information officer (CIO) of the Department of Homeland Security for just three months before announcing abruptly that he would leave.

Staropoli, who as recently as June forecast big plans to reorganize the department’s information technology office, will officially leave the post at the start of September, turning the role over to his deputy on a temporary basis.

The Office of Personnel Management (OPM) is also about to lose its top IT official, with news that CIO Dave DeVries has resigned from his position and will leave in September after about a year on the job.

OPM has been under intense scrutiny from lawmakers and others since 2015, when it was revealed that a breach of its data systems resulted in personal information on more than 21 million Americans being exposed to Chinese hackers.

A spokesperson for the agency confirmed DeVries’s resignation, which was first reported last week, attributing his decision to family considerations. OPM does not yet have information on who will serve as interim or acting CIO, the spokesperson said.

On Friday 18th August, the Navy lost its CIO.

However, Rob Foster, who has served in the role for more than two years, is transitioning to another role in the federal government, moving to fill the deputy CIO role at the National Credit Union Administration.

The cyber-security coordinator for President Obama’s White House said the administration can survive the turnover, but that it could cause long-term problems.

“As a general rule, the immediate departure of a few individuals is not going to make a difference in the federal government’s overall vulnerability over the short term,” said Obama cybersecurity coordinator Michael Daniel.

“When you have personnel vacancies at the top, the impact is felt on long-term cyber-security efforts and incident response,” he said. “For the first, you don’t have someone to drive the needed policy changes and oversee implementation. For the second, you don’t have a leader to manage the response efforts.”

The Environmental Protection Agency’s chief information security officer (CISO) is also reportedly stepping down this month. Sean Kelley, who has been on the job since January, is said to be taking a position at the IT and defense company Leidos. The agency did not return a request for confirmation of his resignation.

Experts say the longer these positions remain unfilled, the tougher it will be to enact policy changes, including those laid out in President Trump’s executive order on strengthening cyber-security signed in May.

“It can really paralyse an organisation until new leadership [arrives],” said James Norton, who served in a cyber-security role at the Department of Homeland Security during the George W. Bush administration.

Specific authorities of CIOs range from agency to agency, though they are broadly tasked with overseeing policy and security decisions when it comes to their individual government body’s IT infrastructure. Some CIOs are political appointments, while others are not.

Several occupants of these positions are currently serving on an acting basis, including those at the Departments of Commerce, Transportation and Veterans Affairs and the Environmental Protection Agency.

“It is definitely incumbent on the administration to have every position filled by the end of the year,” said Norton. “If they’re not able to do that, I think that’s troubling.”

Trump has made some progress filling federal cybersecurity-related roles. White House homeland security adviser Tom Bossert, on board since the start of the administration, is widely credited with spearheading Trump’s cybersecurity executive order.

The administration has also brought on Rob Joyce, a former National Security Agency official, to manage the federal government’s cybersecurity policy efforts at the National Security Council.

However, the administration has yet to permanently fill the roles of federal CIO and federal CISO within the Office of Management and Budget. Grant Schneider, the deputy federal CISO, has been filling the role of acting federal CISO since his boss left in January. CyberScoop reported last week that Schneider will also fulfill a cyber-security role at the NSC in the interim, taking on two jobs at once.

The White House is also said to have fired the CISO for the Executive Office of the President, Cory Louie, back in February.

Jason Healey, a cyber-security expert and senior research scholar at Columbia University’s School for International and Public Affairs, noted other “critical” cybersecurity job openings across the government, including the recently vacated cyber-security diplomacy coordinator role at the State Department.

“The loss of these senior officials is not promising, of course. But they’re generally only looking after their own agencies, not the larger federal enterprise or national cyber-security,”

Healey said of the recent departures in an email. “I’m most concerned that two of them had only recently joined will send danger signals for talented people looking who might want to serve in government.”

CIOs encompass just one of several leading technology roles in the federal government, a growing group that also includes CISOs, chief technology officers, chief data officers and chief innovation officers. The federal IT workforce encompasses more than 80,000 individual employees.

The federal government has long faced a challenge of competing with the private sector to recruit and retain top-tier tech talent.

But Daniel, the Obama cyber czar, surmised that the Trump administration could face an even tougher recruitment challenge because of its lack of organisation and the perception of a White House embroiled in chaos.

“I suspect that has very little to do why an individual CIO at an agency might leave, but it certainly is going to add to their recruiting challenges,” Daniel said.

“It’s a challenge in any administration, and that’s if you have a big apparatus ready to go,” Daniel said. “If you don’t have that, it makes it even more challenging.”

The Hill

You Might Also Read: 

Top US Cyber Official Resigns:

« Fighting Digital Crime: Evolving Police Methods
Artificial Intelligence: A Warning »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

tietoevry

tietoevry

Tietoevry creates digital advantage for businesses and society. We are a leading digital services and software company with local presence and global capabilities.

qSkills

qSkills

QSkills is an independent training provider specialized high-quality IT and IT management training courses including IT security.

FarrPoint

FarrPoint

FarrPoint is a specialist telecoms consultancy providing a range of services including cyber security assessments and technical assurance to safeguard your data.

GrrCON

GrrCON

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.

MPC Alliance

MPC Alliance

A consortium of developers and practitioners of multiparty computation (MPC), committed to accelerating market awareness and adoption of MPC to increase the security and privacy of online services.

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp is the world’s largest network of multi-corporate backed accelerators helping startups scale internationally.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

SecureThings

SecureThings

SecureThings focus is to provide guidance and technology to secure connected vehicles in order to build end-to-end security for the automotive industry.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

Skudo

Skudo

Skudo is dedicated to creating innovative best-in-class solutions that protect data exchange with the highest level of security and privacy.

Moss Adams

Moss Adams

Moss Adams is a fully integrated professional services firm dedicated to assisting clients with growing, managing, and protecting prosperity.

SpeQtral

SpeQtral

SpeQtral offers commercial space-based Quantum Key Distribution (QKD) founded on technology developed at the National University of Singapore.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

CatchProbe Intelligence Technologies

CatchProbe Intelligence Technologies

CatchProbe provides actionable web intelligence, OSINT, deception systems, threat intelligence, and digital crime analytics solutions and products through an AI-Driven intelligence platform.

OryxLabs

OryxLabs

OryxLabs provide advanced enterprise digital risk protection solutions. Learn more about how 24x7 continuous assessment, monitoring, and improvement can secure your network.

Codacy

Codacy

Codacy is a developer-first, API-driven platform that provides a curated collection of best-in-class code analysis, security, coverage, and engineering performance tools.