Educating Web users about risks, working better with other governments, and increasing federal support for cybersecurity research and development will be among the top priorities for the new U.S. White House cybersecurity director.
Howard Schmidt, on the job for a week, said Wednesday that one of his goals is to create a national cybersecurity education campaign to help Web users protect themselves. Although Schmidt's focus will primarily be on protecting U.S. government networks, his office will work closely with private groups to educate Web users and businesses about better cybersecurity practices, he said during a speech at the Congressional Internet Caucus' State of the 'Net conference.
Schmidt asked conference attendees for their help in creating a national cybersecurity campaign.
Education is important, he said, but end-users shouldn't bear all the responsibility for protecting their computers. He called for better security at businesses and from vendors that kept tough security decisions away from end-users.
"We should not be looking to the end-user, the consumer and our employees to be sort of the policemen of their desktops," he said. "We need to move that battlefield back away from them, and the way to do that is to reduce the vulnerabilities that exist out there."
Software developers are doing a better job now about writing secure software than they did even a year ago, Schmidt said. But software vendors can do even more, he added.
Schmidt, a former chief security officer at eBay and Microsoft, listed several priorities during his speech, although he shied away from offering many specific proposals. He's still getting briefed about many of the cybersecurity activities in the White House, he said.
But Schmidt said one of his goals will be to work with other governments to combat cyberattacks. "We know packets don't stop at borders," he said. "Clearly, this is an international discussion."
Schmidt didn't address Google's recent accusations that Chinese hackers have been targeting it and other U.S. companies, but he said the U.S. government needs to have an "organized, unified response" to cyberattacks.
Cybersecurity research and development also needs to be a top priority, he said. "We need to be looking at a number of years in the future," he said. "Where are we going to be 10 years from now? What are the technologies, what are the management tools we're going to need? Investing in research and development is key."
Schmidt talked about protecting privacy while enhancing cybersecurity efforts. The White House recognizes that protecting privacy is important, he said. He also said privacy and security are closely connected.
"Without security, we have no privacy," he said.