The Homeland Security Department’s appointment of Gregory Garcia as assistant secretary for cybersecurity and telecommunications last week drew the expected messages of congratulations and approval, but the messages also came with an appreciation for the challenges of the job.
“While I am pleased the position…has finally been filled after more than a year’s delay, the agency has an enormous amount of work ahead of it to improve the department’s ability to protect the information systems that underpin our nation’s critical infrastructure,” said Sen. Joseph Lieberman (D-Conn.), ranking member of the Senate’s Homeland Security and Governmental Affairs Committee.
The committee called on DHS to create the assistant secretary’s position in February 2005 and held several hearings about weaknesses in DHS’ management of cybersecurity.
Industry groups applauded the appointment. Many believe that Garcia’s industry ties and familiarity with the federal market will bolster his influence in both areas. Previously, he was vice president for information security programs at the Information Technology Association of America, a trade group representing many leading IT companies.
DHS officials said Garcia led the public debate on cybersecurity policy and national cyber readiness at ITAA and worked closely with DHS in past years in his role on the IT Sector Coordinating Council.
“He understands that government has a critical role to play, and his experience in the private sector provides a unique perspective on industry’s critical role,” said Robert Holleyman, president and chief executive officer of the Business Software Alliance.
Garcia’s experience isn’t his only advantage, some observers say, because the new assistant secretary’s position carries more clout than did the previous director’s job in DHS’ National Cyber Security Division.
“There have been changes made to the organizational structure for Greg,” said Tiffany Jones, regional manager for North and Latin American government relations at Symantec.
“It raises the level of cybersecurity policy,” Jones said. “If there is more direct access to higher-level officials within the department, they can get more responsibility and autonomy to go out and evangelize on Capitol Hill.”
However, some industry officials said Garcia will not face the job’s challenges until he tries to organize cybersecurity defense between agencies and industry. The recent report on DHS’ Cyber Storm exercise showed that agencies are ill-prepared to deal with a major cyberattack on federal networks and information systems.
“The real test will come when we are all implementing our responsibilities under the sector-specific plan during an attack,” said Michael Aisenberg, director of government relations at VeriSign.
