WASHINGTON - The Bush administration plans to appoint a new cybersecurity chief for the government inside the Homeland Security Department, replacing a position once held by a special adviser to the president. Industry leaders worry the new post won't be powerful enough.
The move reflects an effort to appease frustrated technology executives over what they consider a lack of White House attention to hackers, cyberterror and other Internet threats. Officials have outlined their intentions privately in recent weeks to lawmakers, technology executives and lobbyists.
The new position, expected to be announced formally within two weeks, is drawing early criticism over its placement deep inside the agency's organizational chart. The nation's new cyberchief will be at least three steps beneath Homeland Security Secretary Tom Ridge.
In Washington, where a bureaucrat's authority and budget depend largely on proximity to power, some experts fear that could be a serious handicap.
"It won't work. It's not a senior enough position," said Richard Clarke, Bush's top cyberspace adviser until he retired this year after nearly three decades with the government. Clarke's deputy, Howard Schmidt, resigned last month and accepted a job as chief information security officer for eBay Inc.
"While it's not optimal having someone technically that low in the pecking order, it's much better than the current situation," said Harris Miller, head of the Information Technology Association of America, a leading industry trade group. He said success at that level of Washington's bureaucracy is "not mission impossible, it's just a difficult mission."
The plan is consistent with Ridge's unease over elevating cyberconcerns above the security of airports, buildings, bridges and pipelines. The agency currently lumps both those issues under its Information Analysis and Infrastructure Protection unit, one of four directorates in Homeland Security.
"It's pretty difficult for many businesses and many economic assets in this country to segregate the cyber side from the physical side because how that company operates, how that community operates, is interdependent," Ridge told lawmakers at a hearing this week.
The new cyberchief also will be responsible for carrying out the dozens of recommendations in the administration's "National Strategy to Secure Cyberspace," a set of proposals put together under Clarke just before his departure.
That plan, completed in February, is drawing criticism because it emphasizes voluntary measures to improve computer security for home users, corporations, universities and government agencies.
"I don't think we have a plan," said Rep. Zoe Lofgren of California, the senior Democrat on the Homeland Security subcommittee on cybersecurity. "If we just take a look at that strategy, we're not going to end up with the solutions we need. There's a sense among the committee that there needs to be a little more meat."
The government privately acknowledges many of those criticisms. In a previously undisclosed internal memorandum to Commerce Secretary Don Evans, the head of the agency's Bureau of Industry and Security described complaints from technology executives after meeting with them in September in California.
The executives felt the government's plan was "not sufficiently strong because many of the key recommendations had been `watered down' and were not `mandatory,'" Undersecretary Kenneth Juster wrote. His organization at the time included the U.S. Critical Infrastructure Assurance Office, which has moved to Homeland Security. The Associated Press obtained a copy of Juster's memo under the Freedom of Information Act.
Officials are still looking for candidates for the new position, which will be announced within the next two weeks. Clarke, now a private consultant, cautioned that the administration will have a difficult time convincing a prestigious cybersecurity expert to take the job. Some others predicted that won't be a problem.
"Most folks if asked to do this would jump at the opportunity," said Sunil Misra, chief security adviser at Unisys Corp.