NEWS
More than a year after US Homeland Security secretary Michael Chertoff publicly promised to bring in a top cyber security specialist, he has finally hired one.
Chertoff said on Monday that Gregory Garcia, who has been working at a Washington-area trade association, will become the department's first assistant secretary for cyber security, with responsibility for advising agencies and the private sector.
The announcement ends a vacancy at Homeland Security that lasted more than 14 months and a wait that drew criticism from members of Congress, who said it demonstrated Chertoff has not taken the topic seriously.
Chertoff acknowledged last year he had "initial concerns" about raising the profile of cyber security in a bureaucratic culture that had focused on physical threats since 11 September, 2001. It took a formal vote last May in the US House of Representatives to create the position - and an expected one in the Senate - to prompt Chertoff to acquiesce two months later.
Garcia, who prior to accepting his new position was a vice president at the Information Technology Association of America, will succeed Donald "Andy" Purdy Jr, a two-year contract employee on loan from Carnegie Mellon University. Purdy, who has been criticised for taking the job of running a department that awarded at least $19m in contracts to his university employer this year, was the acting cyber security chief.
It's not clear what took Homeland Security so long to fill the post but some industry watchers have characterised it as having high-profile responsibility but little day-to-day authority over either the federal government or the private sector. (Johns Hopkins University professor Avi Rubin said: "I sure wouldn't take that job - it only has a downside.")
In an appearance before Congress, Chertoff said last year the assistant secretary "should not sit at the centre of all federal agencies and direct and control their policies on information sharing and cyber security".
Washington veterans who know Garcia applauded Monday's announcement. It's "a year late but a positive development", said Shannon Kellogg, director of government and industry affairs for RSA, the security division of EMC, adding: "To me, it's worth the wait. They really have someone who can get the job done."
Previous cyber security "tsars" have been, besides Purdy, Richard Clarke, a veteran of the Clinton and first Bush administrations who left the post with a lucrative book deal. Clarke was effectively succeeded in quick succession by Howard Schmidt, also known for testifying in favour of the Communications Decency Act, then Amit Yoran and Robert Liscouski.
Declan McCullagh writes for CNET News.com
