DHS cybersecurity appointment seen as government-industry bridge

Phyllis Schneck, the McAfee executive appointed to head the Department of Homeland Security's (DHS) cybersecurity efforts, is the right choice to build cooperation between government and the private sector in protecting the nation's critical infrastructure, security experts say.

DHS Secretary Janet Napolitano announced on Monday that Schneck would be the new deputy undersecretary for cybersecurity, succeeding Mark Weatherford, who left in April to join consultancy The Chertoff Group. In her new role, Schneck takes on one of the top cybersecurity jobs in the nation.

At Intel-owned McAfee, Schneck was vice president and chief technology officer for the company's public sector business. She has a Ph.D. in computer science from Georgia Tech and holds three patents in high performance and adaptive information security.

At DHS, Schneck will be in charge of carrying out President Barack Obama's executive order that calls for a national cybersecurity framework that depends on government and private industry collaboration. Experts say she has the technical skills and business experience to bridge the wariness private industry often has towards working closely with the government.

"She's ideal for this job," said Stewart Baker, a former top DHS official who has known Schneck for several years. "She's got technical chops, administrative and corporate competence, and enough public/private board experience to appreciate the challenge she'll face. She will add a lot to DHS's combined policy and technical capabilities."

Schneck's experience in government and corporate partnerships include her current position as chair of the board of directors of the National Cyber Forensics and Training Alliance. The group brings companies, government and law enforcement together in combatting international cybercrime.

Schneck also served as chair of the Information Security and Privacy Advisory Board of the National Institute of Standards and Technology. NIST is currently overseeing government and industry efforts to build out Obama's framework for protecting the nation's critical infrastructure against cyberattack.

[Also see: DHS secretary Napolitano's exit leaves leadership vacuum]

Her new job will include establishing a way for private industry to comfortably share cyberattack information with government. Corporate concerns include potential lawsuits from customers or partners, while civil rights advocates have raised privacy concerns.

In addition, recent revelations of massive surveillance of Internet and telecommunications traffic by the National Security Agency (NSA) have bred tension between government and the private sector.

"The current state of affairs between the private industry and the government is very fragile right now from a cyber perspective," said Paul de Souza, founder and director of the Cyber Security Forum Initiative, a nonprofit group that advises the government on cyber warfare.

Schneck's success will depend on her ability to foster trust, de Souza said.

"As long as she relies on the whole-of-nation approach, we should make progress," de SouzaÃ'Â said. "Industry needs trusted partners who can provide cyber situational awareness on a two-way street relationship."

Murray Jennex, an associate professor and expert in information systems security at San Diego State University, said he hoped that Schneck's academic background would help unite university and corporate security researchers, who often have different goals.

"National cybersecurity is a wicked problem that needs the creativity and innovation that a fusion of [private] practice and academia will provide in order to solve it," he said.

Schneck joins DHS at a time when the department is undergoing major changes. In September, Napolitano will leave to become the first woman president of the University of California system. Obama has not announced her replacement.

As of Aug. 12, at least 15 top positions across DHS are either vacant or filled temporarily, reports the magazine FCW, which focuses on the federal executive sector.

"She faces a slew of challenges at DHS from a management and organizational standpoint that everyone who previously held the position struggled to address," said Jacob Olcott, former counsel for U.S. Sen. Jay Rockefeller (D-WVa.). "Getting national cybersecurity policy right is almost easier than solving DHS bureaucracy."

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Join the CSO newsletter!

Error: Please check your email address.

Tags The Chertoff GroupcybersecurityapplicationsGeorgia Techinteldata protectioncybercrimeDepartment of Homeland SecurityDHSmcafeeData Protection | MalwarelegalPhyllis Schnecksoftware

More about IntelMcAfee AustraliaNational Security AgencyNSATechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts