Former ODNI CIO Meyerrose talks about cybersecurity's future

President Obama has yet to nominate someone for the position of national cybersecurity chief, and the possibility of cyber attacks against the United States is increasing, according to many analysts.

This has left many to wonder about the future of federal cybersecurity.

Federal News Radio gets analysis from Gen. Dale Meyerrose, former CIO and the Office of the Director of National Intelligence and current vice president and general manager of Cyber and Information Assurance for the Harris Corporation.

Meyerrose said that there does need to be leadership from the top.

"I know that there is a discussion about whether or not you put that in one of the departments or you invest it in the White House. I'm one that advocates initially starting it in the White House and then, after it matures, [having] it migrate someplace else."

One of the criticisms floating around about the new cybersecurity position is that it would require the person report to two different people -- one in the National Security Agency and one in the Economic Policy Group. Another has to do with the position's lack of budget authority.

"I think that's legitimate, but, to be fair, it's going to take a very good opportunity to find the right person who can both be technically competent and also very effective in government affairs. Second of all, a lot of the job was not outlined. . . . I think there needs to be a wait-and-see attitude as to what authorities become attended to the job."

Thus, he contends that the parameters of the job might have to do with who the President picks.

"You've got to find that special person, and that special person has got to have the right relationship with the senior staff both in the White House and in the departments."

Just because no one has been appointed, however, does not mean that the federal government is not working to stay on top of things.

"If you look at how the CTO has come out on things and the CIO has come out on things and OMB and [NIST] has come out with the next iteration of cyber standards. Things are not standing still. It's just too easy to focus on that one element and forget that there really are literally thousands of people working the problem."

Additionally, another area that's garnered attention has been the public/private partnership when it comes to cybersecurity. Meyerrose said he thinks there is no other way to keep everyone safe than working together.

"If you think about it, cyber is borderless. So, it's blurring definitions. It's blurring frames of reference. I like to say it's full of familiar terms but unfamiliar paradigms and shifting definitions. What I mean by that is, it represents a developing language that we're still trying to put some body and framework behind. . . . Cyber is blurring the lines between public and private -- military and non-military -- national and international."

It isn't so much that technology is changing too quickly, he added, but the use of technology -- and keeping up with those changes -- is what one really has to be aware of.

"A lot of the technology that appears to be new is nothing more than a combination of existing technologies, but we're thinking about it differently. . . . I think the social networking thing is a perfect example. Some of that, in fact, is old technology."

The cyber environment is becoming more challenging to operate in, as well, which means it is harder to mitigate attacks. This, Meyerrose said, demonstrates progress.

"If you think about it, the Pentagon ends up with 2 million attacks a day -- plus. And that's going up -- and yet the Pentagon still remains effective in cyberspace."