Another Senior Cybersecurity Leader to Exit DHSBruce McConnell is Third Cybersecurity Official to Leave This Year
Bruce McConnell, acting deputy undersecretary for cybersecurity, says he'll resign from the Department of Homeland Security on Aug. 10, making him the third senior cybersecurity official to leave DHS this year.
McConnell had been filling in for Mark Weatherford, who resigned in April as deputy undersecretary for cybersecurity in the National Protection and Programs Directorate [see DHS's Mark Weatherford Resigning]. In January, Michael Locatis resigned as assistant secretary for the Office of Cybersecurity and Communications [see DHS Losing Senior Cybersecurity Leader], another directorate unit.
"Losing both Mark and Bruce at the same time would be a double whammy for the DHS cybersecurity program," says former Officer of Management and Budget executive Franklin Reeder, co-founder of the Center for Internet Security, which works closely with DHS. "They possessed an important combination of subject-matter knowledge and experience and a sense of how to get things done in Washington. They will be hard to replace."
McConnell's decision to leave DHS comes a week after Janet Napolitano announced her intent to resign as secretary in September. This spring, her deputy, Jane Holl Lute, also resigned [see DHS's Napolitano Resigns: The Impact.]
McConnell is one of DHS's top theorists on cybersecurity. Earlier this year, speaking on a panel, he provided several ideas, such as employing service-level agreements, that could be incorporated into the cybersecurity framework President Obama ordered [see Cybersecurity Framework: Beyond Standards].
Imagine, McConnell said, a cyber-attack that disables electrical power in a major metropolitan area. A performance goal could be in the form of a service-level agreement that promises to restore power in 90 percent of locations within four hours. That's an example of an outcome-based performance standard. "Then," he said, "the framework can address it by saying, 'OK, if you're going to do that, then you need this level of cybersecurity.'"
Allan Friedman, research director of the Center for Technology Innovation at the Brookings Institution, says McConnell's thinking was ahead of its time. "McConnell's position on cybersecurity has remained largely unchanged, while the world around him slowly converged on it," Friedman says. "He always stressed it was an important problem, but one that had to be approached with balance and good policy, a counter both to the alarmism and the calls to push more information security questions into the national defense world."
Friedman says one of the biggest challenges McConnell's departure presents the department is replacing his vision of how disparate directorate initiatives could work together and engage with other government programs beyond DHS.
And Weatherford says that kind of vision will be missed at DHS. Asked if McConnell's and others' recent departures would weaken DHS's cybersecurity policymaking, Weatherford responded: "Yes, but that isn't unexpected because any time someone with Bruce's level of experience leaves, it creates a gap. I'm sure there will be another extraordinary public servant [to] step into the role and fill the hole."
Who is that extraordinary public servant? No word yet from DHS, but a report in The Hill newspaper quotes two unnamed sources with knowledge about the job as saying that Phyllis Schneck, vice president and chief technology officer for public sector at McAfee Global, is McConnell's likely successor.
Weatherford credits McConnell as being personally responsible for the administration's success in advancing cybersecurity within the federal government. "He literally built a team from almost nothing and, collectively, they were engaged at all levels of cybersecurity policy-making, from the White House to the U.S. legislature," Weatherford says.
McConnell led the development and oversaw the implementation of high-priority initiatives, including an executive order on improving critical infrastructure cybersecurity and a presidential policy directive on critical infrastructure and security resilience.
Suzanne Spaulding, DHS acting undersecretary for the National Protection and Programs Directorate, characterizes McConnell as the visionary behind the blueprint for a secure cyber future, which lays out how DHS will protect critical infrastructure and build a stronger cyber-ecosystem. "The progress he promoted, and the collaborative leadership style he modeled, will continue as fitting legacies," Spaulding says.