Cyber Security as a Factor in the Selection of a New FBI Director

The picture above shows a portion of the inaugural class of CISOs invited to Quantico for training, collaboration, and shooting rifles (I know, I know – everyone ducked when I stepped up to the line). That’s me on the lower right standing between two of my partners-in-crime, Jerry Brady from Morgan Stanley and Alex Stamos of Facebook. Oh, and there on the left is Mr. James Comey, who addressed our group, and willingly answered our tough questions – competently.

Regardless of your politics or your support/non-support/don’t-care regarding President Trump’s recent firing decision, we are where we are – and a new FBI Director must be selected. It is my hope – and I will explain my rationale below – that this selection will take into account the intense challenge of cyber security. All eyes seem to be focused on the investigation of Russian interference, and I fear that our nation’s leaders will completely forget about cyber.

The first characteristic that must be present in any new modern FBI Director is a basic facility with cyber security technology and operations. The FBI has the grave responsibility to lead our nation’s efforts in the investigation and prosecution of cyber intrusions, computer-based fraud, and identity theft. These are intensely challenging tasks that require deep experience and great expertise, and the last thing we need is a Luddite Director.

The second characteristic is the ability to coordinate with relevant government agencies. This includes federal, state, and local groups – but specifically requires personal trusted relationships with the CIA, DoD, DHS, and NSA. These are tightly-knit communities who collaborate every day on life-and-death situations. Their joint role in cyber security also has serious, consequential implications for our country – so we need a new FBI Director who can effectively build and maintain this trust – independent of politics.

Finally, we need a Director with the ability to understand and interact with the private sector. Everyone understands that most of the critical infrastructure that is targeted by nation-state cyber actors is owned and operated by corporations. To that end, it is not sufficient for any new Director to focus on government-only issues in cyber security. Any selected Director will need the ability to comfortably work with commercial leaders, and to understand the special challenges of the modern CISO.

Regarding Mr. Comey, you are welcome to debate his performance, but I can tell you that from a cyber security perspective, he was mostly respected. He had sufficient technical ability to stand up to smart, tough CISOs and to go head-to-head with people like me on technical issues. He worked closely with other government cyber leaders, and his twelve-year executive career, including SVP at Lockheed, gave him insights into the commercial community. I certainly didn't always agree with him, especially on certain matters of encryption, but I must say that I liked and respected him.

What am I asking you to do? Please reach out to your local lawmakers – Republican, Democrat, and Independent – and ask them to be noisier about the selection process and cyber security. I know that Congress does not make this selection, but Mr. Trump responds to “media buzz.” Let’s therefore ask those in the public eye to bring this topic up. I’ve watched multiple stations these past two days in my office, and there has been no mention of how Comey's firing will affect cyber security. Hence this article.

We in cyber are an important community – and we must speak with a common voice. I cannot think of a more consequential group with less political divide. So, regardless of your political party (and who the hell cares anyway?), let’s make sure everyone knows that when any senior government official is selected – and especially an FBI Director – their capability to effectively support our cyber security community needs to be front and center.

Let’s be loud and make this an issue.