But Alan Paller, the director of research at the SANS Institute is wary of the word, “legacy.”
“I think we think too hard about our legacies,” he told In Depth with Francis Rose. “What we get done while we’re there is what matters.”
Even so, looking back, Paller said he would give Schmidt mixed grades for his tenure leading the cyber office.
Schmidt deserves an “A” for increasing awareness of cybersecurity, for identifying the problem, Paller said. “The level of understanding of cybersecurity has skyrocketed, and he can take some credit for that,” he added.
Similarly, Paller said he would give Schmidt a “B” for focusing the office on a few key areas: trusted Internet connections, identity management and continuous monitoring.
But Paller said Schmidt was much less successful in reducing the vulnerabilities of the federal governments’ networks — for which he deserves an “F.”
“You have to say on his watch, (vulnerabilities) didn’t go down,” despite it being a goal of the international strategy, he said.
However, Greg Garcia, former assistant secretary for cybersecurity and communications at the Homeland Security Department, said given the circumstance, he thought Schmidt — with his background in law enforcement, the military and government — performed admirably.
“I don’t know that the White House committed 100 percent to the position, partly because it was new to them,” said Garcia, who now heads his own cyber consultancy.
Schmidt wasn’t short of passion or knowledge, Garcia said, “but the leash gets shortened to some extent, as so many other priorities are competing for attention.”
The cyber coordinator position under Schmidt was ultimately a “test case” for a more assertive White House role in cybersecurity, he added, and should be viewed as a solid effort. “Now…let’s ramp it up,” he said.
Using the budget process
One area Schmidt came up short in, Paller argued, was in not taking full advantage of his role. He “didn’t use the federal procurement capability and… he didn’t get OMB behind him to use budget to force agencies to buy together, to buy more secure systems,” Paller said. “He just didn’t take advantage of the most powerful lever he had.”