What does the U.S. cybersecurity czar do?

President Obama created a cybersecurity Cabinet position shortly after taking office. See more computer pictures.
Alex Wong/Getty Images

In 2009, U.S. Defense Secretary Robert Gates declared that the U.S. "is under cyber-attack virtually all the time, every day" [source: Farrell]. He wasn't joking. That year, computer spies gained access to files about the Pentagon's $300 billion Joint Strike Fighter project, intruders breached the Air Force's air-traffic-control system, Chinese hackers penetrated computers at Google, and Russian cyber-thieves stole tens of millions of dollars from Citibank.

To address such threats, President Barack Obama decided soon after taking office to create a new White House position to oversee the safety of the nation's computers and networks. In February 2009, he selected Melissa Hathaway, the acting senior director for cyberspace for the National Security and Homeland Security Councils, to conduct a 60-day review of the government's computer security policies. Her report recommended a permanent position in charge of cybersecurity, and she served as the acting cybersecurity czar until she resigned in August of that year. The hunt for a permanent czar took until December, when Obama appointed Howard A. Schmidt, who had more than 40 years of experience in both private and government computer security.


"Czar" is not Schmidt's official title. He's actually known as the cybersecurity coordinator with the rank of special assistant to the president. The term "czar" has been used informally at least as far back as the Franklin D. Roosevelt administration in the 1930s to indicate that an official has authority in an area of government [source: Zimmer]. It usually means the president considers the issue to be of national importance.

In fact, because computer security has been a national priority for years, Schmidt actually isn't the first to be known as "cybersecurity czar." The term was applied to Richard A. Clarke beginning in 2001 [source: Anderson]. He was officially the special adviser to the president on computer security. The term wasn't used after Clarke left in 2003, but it was revived a few years later to refer to Rod Beckstrom, who became the director of the National Cyber Security Center, which was formed in 2008 within the Department of Homeland Security [source: Stokes].

As Obama's cybersecurity czar, Schmidt is part of the White House staff and reports to the deputy national security adviser. Though he's part of the White House national security team, Schmidt also consults with the president's top economic advisers and has direct access to the president [source: Nakashima]. His appointment wasn't mandated by Congress and didn't require Senate confirmation. The president may dismiss or replace him at any time.

As the person charged with safeguarding the nation's computers, the cybersecurity czar is responsible for working with numerous federal agencies and private companies. But some critics have questioned how much responsibility he really has. Find out why in the next section.



What are the Cybersecurity Czar's Responsibilities?

"Cyberspace is real. And so are the risks that come with it," President Obama said in a May 2009 speech establishing the cybersecurity coordinator position. At that time, he also outlined three principal duties for the role:

  • Orchestrate and integrate the government's cyber policies.
  • Work with the Office of Management and Budget to make sure federal agencies have the necessary funds to deal with cybersecurity issues.
  • Coordinate the response to a major computer incident or attack.

Fulfilling these duties requires the cybersecurity czar to collaborate with various government agencies. For example, he works with the U.S. Department of Defense (DoD), which operates both a cyber command to protect military computer networks and the Defense Computer Forensics Laboratory to deal with cases involving counterintelligence, terrorism and fraud. Within the DoD, he also works with the National Security Agency (NSA), which devises codes to protect sensitive information and monitors enemy communications.


He also works with the U.S. Department of Homeland Security. Its National Cyber Security Division coordinates the efforts of the Department of Defense, the FBI and the NSA. It includes the National Cyber Response Coordination Group, which consists of 13 federal agencies that respond if there is a cyber attack. It also includes the Computer Emergency Readiness Team (CERT), which analyzes and defends the country against cyber threats.

As cybersecurity coordinator, Schmidt has the responsibility to help implement policies across all these organizations. He advises the president, and he consults with Congress, other federal departments and agencies, and state and local governments. His position straddles policy-making and implementation [source: Chabrow].

However, he doesn't have day-to-day authority over any of the groups working on the safety of computer networks. He can make recommendations, but he has no direct power where budget is concerned. Some critics have said the position has enormous responsibility but no real authority [source: Nakashima]. For example, he can't give direct orders; he can only raise issues and bring them to the president's attention.

But the cybersecurity czar's area of concern isn't limited to the government sector. Because private computer networks are critical to concerns such as telecommunications and the power grid, he works with private companies to help them avoid security threats, too. He also consults with international partners, including the European Union, to deal with worldwide cybersecurity issues.

Since his appointment, Schmidt has named five priorities for his office:

  1. Developing a strategy to secure U.S. computer networks
  2. Ensuring an organized response to cyber incidents
  3. Strengthening partnerships with private companies
  4. Promoting research and development on cybersecurity technology
  5. Leading a national campaign for computer security awareness and education

[source: White House]

Threats to U.S. computers and networks present a serious danger to the nation and its economy, but the cybersecurity czar isn't gloomy about the prospects of reaching those goals. In a March 2010 interview with Govinfosecurity.com, he said: "I've been in this business long enough that I've gone from being the gloom-and-doom to understanding we've come a long way. … I can't help but be optimistic" [source: Chabrow].

To learn even more about cybersecurity and how well your computer is really protected, click on over to the next page.


Frequently Answered Questions

What does the National cyber director do?
The National Cyber Director is responsible for developing and implementing the national cyber policy and strategy. The National Cyber Director also coordinates the government's efforts to protect critical infrastructure from cyber threats and works with the private sector to improve cyber security.

Lots More Information

Related Articles

More Great Links

  • Anderson, Kevin. "US names cyber-terrorism czar." BBC. October 10, 2001.http://news.bbc.co.uk/2/hi/americas/1590398.stm
  • Chabrow, Eric. "Howard Schmidt Dismisses Cyberwar Fears." Govinfosecurity.com, March 6, 2010.http://www.govinfosecurity.com/articles.php?art_id=2267
  • Chabrow, Eric. "Howard Schmidt: In His Own Words." Govinfosecurity.com. February 3, 2010.http://www.govinfosecurity.com/articles.php?art_id=2156&opg=1
  • Department of Homeland Security. "National Cyber Security Division."
  • Farrell, Michael B. "Cybersecurity czar's first task: reboot policy." Christian Science Monitor, December 22, 2009.http://www.csmonitor.com/USA/2009/1223/Cybersecurity-czar-s-first-task-reboot-policy
  • Montgomery, Leigh. "Howard Schmidt, cybersecurity 'czar': Who is he?" Christian Science Monitor. December 22, 2009.http://www.csmonitor.com/USA/Politics/2009/1222/Howard-Schmidt-cybersecurity-czar-Who-is-he
  • Nakashima, Ellen."Obama to name Howard Schmidt as cybersecurity coordinator." Washington Post, December 22, 2009.http://www.washingtonpost.com/wp-dyn/content/article/2009/12/21/AR2009122103055.html
  • Stokes, Jon. "Sizing up the new US cybersecurity czar." Ars Technica, March 28, 2008.http://arstechnica.com/security/news/2008/03/meet-the-new-us-cybersecurity-czar.ars
  • The White House. "President Obama Directs the National Security and Homeland Security Advisors to Conduct Immediate Cyber Security Review." Office of the Press Secretary. February 9, 2009.http://www.whitehouse.gov/the_press_office/advisorstoconductimmediatecybersecurityreview/
  • The White House 5/29/09. "Remarks by the President On Securing Our Nation's Cyber Infrastructure." May 29, 2009.http://www.whitehouse.gov/the_press_office/Remarks-by-the-President-on-Securing-Our-Nations-Cyber-Infrastructure/
  • The White House Blog. "Introducing the New Cybersecurity Coordinator." December 22, 2009http://www.whitehouse.gov/blog/2009/12/22/introducing-new-cybersecurity-coordinator
  • Zimmer, Ben. "Czar Wars." Slate, December 29, 2008.http://www.slate.com/id/2207055