Cyber czar: Networks in the U.S. are riddled with vulnerabilities

In a rare public appearance Thursday, White House Cybersecurity Coordinator Howard Schmidt warned that U.S. networks are riddled with vulnerabilities that can be exploited by thieves and spies.

“Why do we keep seeing these problems over and over again? Because we have vulnerabilities,” Schmidt said. 

Schmidt compared America’s cybersecurity situation to a military base with holes in the fence.

“It shouldn’t be that way in cybersecurity,” Schmidt said. “We need to deny [hackers] the capabilities to get through the fence.”

Schmidt’s appearance Thursday at an event of the Armed Forces Communications and Electronics Association provided a rare look into the White House’s thinking on cybersecurity issues. Citing executive privilege, Schmidt has refused to testify before the Homeland Security Committee, which approved comprehensive cybersecurity legislation last week.

Schmidt said the White House takes individual privacy into account before all of its cybersecurity policy decisions.

“It’s an interesting question about privacy. The  president is committed to it, everybody on our staff is committed to it. But it’s not a zero-sum game,” Schmidt said. “There are no absolutes in this area — which weighs heavier depends on the circumstances.”

Schmidt said the White House is focused on cybersecurity as a national security and economic issue, which is why he is working on it as a member of the National Security Council and the National Economic Council.

Schmidt said he is focused on ensuring that U.S. networks can bounce back quickly from attempted cyber-attacks. He stressed that systems must be designed so they can be restored quickly after any disruptions or outages.

Schmidt promoted cybersecurity initiatives inside the government such as the Trusted Internet Connection program, which will dramatically reduce the number of outside Internet connections within federal agencies. He also said the government is shifting its emphasis from annual cybersecurity audits to active, continuous monitoring of its networks.

“While it’s great to write reports, let’s actually do something to make our systems less vulnerable,” Schmidt said.