WASHINGTON (Reuters) - Microsoft’s security chief and a veteran of Clinton’s and Bush’s national security teams are leading candidates for cybersecurity czar, a job that needs White House access and clout to protect networks that underpin the U.S. economy.
President Barack Obama promised last month that he would personally decide who would lead the fight against an epidemic of cybercrime and organize a response to any major cyber attack.
A leading candidate for the post is Scott Charney, head of Microsoft’s cybersecurity division, who has said he won’t take the job, according to a source who had direct knowledge of the matter but was not authorized to discuss it. The source said, however, that Charney would change his mind if pressed.
Charney also led PricewaterhouseCoopers’ cybercrime unit and headed the Justice Department’s computer crime section.
His main competitor is likely Paul Kurtz, who led Obama’s cybersecurity transition team and who worked on the National Security Council under both Bush and Clinton, the source said.
Others under consideration include former Rep. Tom Davis, a moderate Virginia Republican; Sun Microsystems executive Susan Landau; Maureen Baginski, a veteran of the National Security Agency and Federal Bureau of Investigation, and Frank Kramer, an assistant defense secretary under Clinton, the source told Reuters.
Also in the running but less likely to be picked are Melissa Hathaway, who led a cybersecurity review for the president, and James Lewis of the Center for Strategic and International Studies think tank, the source said.
John Thompson, chairman of the board of Symantec Corp, had been under consideration but turned it down, the source said.
The exact responsibilities of the new job remain largely undefined, although the position described in a report by Hathaway’s team describes a coordinator who reports to both the National Security Council and the National Economic Council.
Holes in U.S. cybersecurity defenses have allowed major incidents of thefts of identity, money, intellectual property and corporate secrets. In one incident, a bank lost $10 million in cash in a day.
There have also been thefts of sensitive military information and a penetration of the U.S. electrical grid.
Susan Landau, who declined to discuss if she has been short-listed for the job, said she would urge Obama to make it a top-level position, as he promised.
“The job is very important,” said Landau. “We have all sorts of different kinds of threats. ... What you want is ubiquitous security.”
Landau is a Sun Microsystems engineer who has worked on digital rights, privacy and export control.
Lewis, who also declined to discuss on the record whether he was being considered, said the White House must emphasize national security expertise in picking a cybersecurity czar.
“Some guy from industry is going to write a national security strategy? No, they aren‘t. You don’t just pick this up,” said Lewis. “You need somebody who knows the national security game, who knows government and who knows about the technology.”
Before becoming a senior fellow at CSIS on technology and national security, Lewis worked for the federal government as a foreign service officer with assignments on such disparate topics as global arms sales, encryption and high-tech trade with China.
Lawmakers on Capitol Hill shared Lewis’ and Landau’s views, said a senate staffer who has been briefed on the issue.
“The president’s vision is a heavyweight,” said a Senate staffer. “I‘m concerned that he or she will get sort of tied up, like Gulliver, tied down by a million different reporting requirements.”
Editing by Brian Moss