Howard Schmidt's Legacy Shaped Cybersecurity Policy and Trustworthy Computing -- Redmondmag.com

The Schwartz Report

Howard Schmidt's Legacy Shaped Cybersecurity Policy and Trustworthy Computing

Cybersecurity experts are mourning the loss of Howard Schmidt, the nation's first cybersecurity czar, who died last week at the age of 67 after a long battle with brain cancer. Schmidt, who served two U.S. presidents, was a onetime chief security officer (CSO) at Microsoft and played a key role in shaping the company's Trustworthy Computing initiative.

Schmidt was recruited from Microsoft by President George W. Bush in April of 2002 in wake of the Sept. 11 terrorist attacks where he served as vice chairman of the President's Critical infrastructure Protection Board. President Barack Obama later tapped Schmidt as the nation's first cybersecurity czar -- his actual title was Special Assistant to the President, Cyber Security Coordinator.

In that role, Schmidt is credited with Obama's efforts to foster private and public sector cooperation in shaping more coordinated policy that promotes sharing attack and threat information in the common interest of protecting the nation's critical infrastructure.

In an interview with DarkReading in a 2011, Schmidt said his key efforts centered around the need for the government and private sector to share attack intelligence. "We are able to coalesce intelligence … the government has information that comes from its unique position, so part of this is taking that information and [showing] we care about putting the bad guys in jail," he said at the time. "We want to make sure we are sharing with our private sector partners."

Schmidt was instrumental in numerous White House initiatives. Of note was the National Strategy for Trusted Identities in Cyberspace (NSTIC), which the White House has since removed from its Web site, and also helped create a strategy on how the U.S. would defend itself from a major international cyberattack. As noted by DarkReading, Schmidt once warned of the "cascading effects" of targeted malware attacks against nation states. Schmidt left the Obama administration toward the end of his first term.

While he was well known for his government service, Schmidt's cybersecurity career spanned 40 years and held roles in military and the commercial sectors as well. In addition to serving as Microsoft's CSO, he spent two years as eBay's chief information security officer (CISO), was chairman of Codenomicon and held numerous board, director and other non-executive roles at various security companies, including Fortify, RatePoint, Neohapsis, BigFix and HAS Security.

Schmidt also served as international president of the Information Systems Security Association (ISSA) and as president and CEO of the Information Security Forum (ISF). After leaving the White House in 2012, Schmidt served as executive director of the Software Assurance Forum for Excellence in Code (SAFECode), a non-profit organization focused on promoting best practices in developing secure code. When Schmidt was too ill to continue at SAFECode his longtime Microsoft protégé Steve Lipner took the reins of the association last fall.

Indeed, Schmidt left his imprint on Microsoft as well, having served during the period that led up to Bill Gates' Trustworthy Computing Initiative and was a cofounder of what ultimately became the company's Trustworthy Computing Group, as recalled by Threatpost, a blog produced by Kaspersky Lab.

Along with Lipner, who ran the Microsoft Security Response Center back then, Schmidt helped create the team that led up to Gates' infamous Trustworthy Computing e-mail. Both Lipner and Schmidt worked closely together on the response on some of the largest major Internet cyberattacks at the time, including Code Red.

Lipner last week told Threatpost that Bush recruited Schmidt from Microsoft just three months before Gates launched the Trustworthy Computing Initiative. "Howard always felt a higher calling to service to the government of the United States, Lipner told Threatpost. "There's no better demonstration of that than the fact that, in late 2001, after the 9/11 attacks, he left Microsoft to join the White House cybersecurity policy office. His departure meant that he was no longer at Microsoft when the Trustworthy Computing e-mail -- which reflected a lot of effort on his part -- was released."

Posted by Jeffrey Schwartz on 03/06/2017 at 11:46 AM

Featured

Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.