Schmidt tapped as White House cybersecurity coordinator

Seven months after he announced the creation of a White House cybersecurity coordinator, President Obama has selected industry veteran Howard Schmidt for the job, an administration official confirmed Monday night.

The official told CSOonline.com that the White House will make the announcement tomorrow.

"Cybersecurity is critical to both our national security and economic competitiveness, and the president wanted to ensure that the cybersecurity coordinator had the right mix of public and private sector experience," the official said. "After an extensive search, the president chose Schmidt because of his unique background and skill sets."

Schmidt has a long history in the IT security sector and has served in the White House before as vice chairman of the president's Critical Infrastructure Protection Board. He's a former chief information security officer at eBay, chief security officer at Microsoft and has worked with federal and local law enforcement and the Defense Department.

The administration official said Obama "was personally involved in the selection" of Schmidt, and Schmidt will have regular access to the president for cybersecurity issues.

"Our cybersecurity team at the White House has been making good progress on the president's cybersecurity priorities since his speech and that will enable Howard to hit the ground running," the official said. "Schmidt and his team are part of the National Security Staff and will closely support the National Economic Council on cybersecurity issues."

The news comes on the same day CSOonline.com ran an article in which Schmidt offered IT security predictions for 2010. His predictions were as follows:

Malware Goes Mobile

Malware for mobile devices/smartphones will escalate as more apps are provided that facilitate users' ability to do more things related to e-commerce, travel and finance. Given that many end users feel less vulnerable on their mobile devices it could be a steep learning curve to convince them they need to take similar protections as they would on their PCs.

The Cloud As Security Enabler

While we have been doing some form of cloud computing for more than 10 years, 2010 will be the tipping point as to much wider adaption in all sectors. The overall net effect will give us a better chance to develop more security in the cloud using better vulnerability management and reduction, strong authentication, robust encryption and closer attention to legal jurisdictions.

Software Will Be Tested -- For Real

Procurement actions will require more robust testing of software and firmware to insure significant reduction of many of the vulnerabilities that we are dealing with today. This might even rise to the level of some sort of software "certification" schema to show consistency of best practices.

Two-factor Authentication Becomes the Rule

2010 will be the year for wider adaption of two-factor authentication for the end users. With federation of the many various types of two-factor authentication that are around today we will finally see strong authentication become the rule, not the exception.