New Cybersecurity Chief Targets Bureaucracy

Greg Garcia, the recently named head of cybersecurity at the U.S. Department of Homeland Security, is an impatient man when it comes to bureaucracy. That may be a good thing.

Those who know Garcia, a former IT security policy expert at the Information Technology Association of America, a trade group in Washington, D.C., say he has little patience for the slow Washington process of nonstop meetings to discuss process, without making hard decisions. “Greg has a low tolerance for chatting with no action,” says Harris Miller, a former Information Technology Association of America president. “He’s very much a person who believes in setting agendas and moving forward on them.”

This may be just what DHS needs. In September, DHS released the nonclassified report on a tabletop exercise it conducted in February called Cyber Storm, in which it staged a mock cyberattack on the IT systems that support the nation’s energy and transportation sectors. While DHS officials declared the exercise a success, security experts criticized it, saying DHS has yet to establish some of the most basic elements in a national cybersecurity plan, such as who supervises specific lines of communication. (See “Cyber Storm Warning,” www.csoonline.com/read/110106.)

If 45-year-old Garcia, whose formal title is assistant secretary for cybersecurity and telecommunications, seeks to pick up the pace, he has some built-in advantages that his three predecessors (Howard Schmidt, Richard Clark and Amit Yoran) lacked. The position has been elevated to an assistant secretary, reporting directly to George Foresman, under secretary for preparedness, and Garcia has a deep list of private-sector and congressional contacts. Watch for Garcia to try to establish metrics on how well the government is doing in cybersecurity, much as the financial sector rates its readiness for cyber attacks, Miller says.