New White House cybersecurity chief largely an unknown
- 22 May, 2012 23:29
Named late last week to replace Howard Schmidt as the top White House cybersecurity adviser, Michael Daniel is a 17-year veteran of the Office of Management and Budget (OMB) and has been its intelligence branch chief for the past 11 years. But he has stayed largely under the radar, even in the cybersecurity community.
Brian Krebs, a well-connected former Washington Post reporter and author of the respected blog KrebsonSecurity, said he did not know Daniel or what his politics are.
Krebs is not alone. Several others told CSO they also know nothing about Daniel, but didn't want to be quoted. GovInfoSecurity's Eric Chabrow reported Monday that "some of the most-connected people in Washington's cybersecurity community [have] never heard of Michael Daniel."
That may be by design. Karen Evans, administrator for e-government and IT at OMB for the last five-plus years of President George W. Bush's tenure, told GovInfoSecurity that Daniel was not meant to be the public face of the administration, as she and Schmidt were. "Michael is an OMB careerist and we were very protective of them, so they could transition from administration to administration; that was their job," she says.
That, of course, is about to change, and is already changing. Daniel's education and work history have become topics of interest. Daniel, described by some as a "young gun," is 41, while the departing Schmidt is 62. He holds a B.A. in public policy from Princeton University, a Master's in public policy from the Harvard Kennedy School of Government and a Master's in national resource planning from the National Defense University.
He started his career as a research assistant at an Atlanta think tank, the Southern Center for International Studies. He began at OMB as a program examiner in the operations and personnel branch, covering the Navy, Marine Corps and contingency operations programs, before becoming intelligence branch chief.
While Schmidt is known for riding a Harley-Davidson, Daniel is a martial arts enthusiast.
And he will step into a political meat grinder, joining the administration at a time when the White House and Congress are clashing over several legislative initiatives aimed at protecting crucial U.S. industries -- defense and infrastructure -- from cyberattacks by criminals, hostile nation states and terrorists.
So far, most of the predictions on how Daniel will fill his new role are speculative. RT reported last week that Schmidt's departure might eliminate a major hurdle for the controversial Cyber Intelligence Sharing and Protection Act (CISPA), which passed the House but faces a threatened veto from the president, on the grounds that it would undermine internet privacy.
"Schmidt is believed to be instrumental in the White House's opposition to the bill," RT reports, "[but] with Schmidt out of the picture, the future of CISPA is now more uncertain than ever."
But Rebecca Herold, an information security and privacy expert known as the "Privacy Professor," while agreeing that Daniel's background in "spying/surveillance activities ... does not lay a foundation for supporting strong privacy rights," says it would be premature to assume anything about his political positions.
She also notes: "It seems counterintuitive for the White House to appoint someone to the cyber security czar position who would oppose the things the president has indicated are important, which include preserving privacy while protecting the digital infrastructure."
When it comes to experience and expertise, Daniel gets good reviews from both colleagues and observers. Melissa Hathaway, a top cybersecurity adviser to both Presidents Bush and Obama, told GovInfoSecurity, "Michael was picked because of his intimate knowledge of national security accounts, where the true capabilities exist."
Hathaway, who worked with Daniel in creating the federal Comprehensive National Cybersecurity Initiative, says that "he knows what can be leveraged in the national security apparatus to help assure the defense of the country."
The Atlantic Council'sÃ'Â Jason Healey, who has worked with the White House on security, says some of his colleagues are upset because Daniel lacks technical credentials. "But most cybersecurity experts just don't understand how to get anything done in government," he said. "It's always going to be a tradeoff between someone who knows what needs doing and someone that can get the government to do it."
Healey says he is optimistic about the appointment because "the main issues facing the waning days of this administration are budgetary and legislative, and anyone from OMB is likely to have some idea about which levers to pull to influence the interagency process and Congress."
There is general agreement that Daniel's role will differ from Schmidt's, who was the first to hold the position and is seen as the one who developed an agenda and policy goals. Daniel's role, Evans told GovInfoSecurity, will be to execute that agenda.
"Howard changed the dialogue. That's a certain set of skills," Evans says. "But you need the next set of skills where you have to execute."
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.