New White House cybersecurity chief largely an unknown

Named late last week to replace Howard Schmidt as the top White House cybersecurity adviser, Michael Daniel is a 17-year veteran of the Office of Management and Budget (OMB) and has been its intelligence branch chief for the past 11 years. But he has stayed largely under the radar, even in the cybersecurity community.

Brian Krebs, a well-connected former Washington Post reporter and author of the respected blog KrebsonSecurity, said he did not know Daniel or what his politics are.

Krebs is not alone. Several others told CSO they also know nothing about Daniel, but didn't want to be quoted. GovInfoSecurity's Eric Chabrow reported Monday that "some of the most-connected people in Washington's cybersecurity community [have] never heard of Michael Daniel."

That may be by design. Karen Evans, administrator for e-government and IT at OMB for the last five-plus years of President George W. Bush's tenure, told GovInfoSecurity that Daniel was not meant to be the public face of the administration, as she and Schmidt were. "Michael is an OMB careerist and we were very protective of them, so they could transition from administration to administration; that was their job," she says.

That, of course, is about to change, and is already changing. Daniel's education and work history have become topics of interest. Daniel, described by some as a "young gun," is 41, while the departing Schmidt is 62. He holds a B.A. in public policy from Princeton University, a Master's in public policy from the Harvard Kennedy School of Government and a Master's in national resource planning from the National Defense University.

He started his career as a research assistant at an Atlanta think tank, the Southern Center for International Studies. He began at OMB as a program examiner in the operations and personnel branch, covering the Navy, Marine Corps and contingency operations programs, before becoming intelligence branch chief.

While Schmidt is known for riding a Harley-Davidson, Daniel is a martial arts enthusiast.

And he will step into a political meat grinder, joining the administration at a time when the White House and Congress are clashing over several legislative initiatives aimed at protecting crucial U.S. industries -- defense and infrastructure -- from cyberattacks by criminals, hostile nation states and terrorists.

So far, most of the predictions on how Daniel will fill his new role are speculative. RT reported last week that Schmidt's departure might eliminate a major hurdle for the controversial Cyber Intelligence Sharing and Protection Act (CISPA), which passed the House but faces a threatened veto from the president, on the grounds that it would undermine internet privacy.

[See also:Ã'Â CISPA enjoys wide backing from enterprises |Ã'Â Will voluntary cyber threat sharing plan cast doubt over CISPA?]

"Schmidt is believed to be instrumental in the White House's opposition to the bill," RT reports, "[but] with Schmidt out of the picture, the future of CISPA is now more uncertain than ever."

But Rebecca Herold, an information security and privacy expert known as the "Privacy Professor," while agreeing that Daniel's background in "spying/surveillance activities ... does not lay a foundation for supporting strong privacy rights," says it would be premature to assume anything about his political positions.

She also notes: "It seems counterintuitive for the White House to appoint someone to the cyber security czar position who would oppose the things the president has indicated are important, which include preserving privacy while protecting the digital infrastructure."

When it comes to experience and expertise, Daniel gets good reviews from both colleagues and observers. Melissa Hathaway, a top cybersecurity adviser to both Presidents Bush and Obama, told GovInfoSecurity, "Michael was picked because of his intimate knowledge of national security accounts, where the true capabilities exist."

Hathaway, who worked with Daniel in creating the federal Comprehensive National Cybersecurity Initiative, says that "he knows what can be leveraged in the national security apparatus to help assure the defense of the country."

The Atlantic Council'sÃ'Â Jason Healey, who has worked with the White House on security, says some of his colleagues are upset because Daniel lacks technical credentials. "But most cybersecurity experts just don't understand how to get anything done in government," he said. "It's always going to be a tradeoff between someone who knows what needs doing and someone that can get the government to do it."

Healey says he is optimistic about the appointment because "the main issues facing the waning days of this administration are budgetary and legislative, and anyone from OMB is likely to have some idea about which levers to pull to influence the interagency process and Congress."

There is general agreement that Daniel's role will differ from Schmidt's, who was the first to hold the position and is seen as the one who developed an agenda and policy goals. Daniel's role, Evans told GovInfoSecurity, will be to execute that agenda.

"Howard changed the dialogue. That's a certain set of skills," Evans says. "But you need the next set of skills where you have to execute."

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Join the CSO newsletter!

Error: Please check your email address.

More about BushHathawayOffice of Management and Budget

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place