MS Chief Security Officer to work for White House

NerveGas writes "An Interesting People message reports that Howard Schmidt, Microsoft's Chief Security Advisor, will be leaving MS to work as a security adviser for the White House. With the track record that Microsoft has in the area of computer security, this strikes me as a very bad move." CD: you'd think people would examine the job someone did at thier previous job before offering them a new one. Isn't this is like putting Capt. Hazelwood in charge of an oil tanker?

more info on Schmidt

[Pinball Wizard]

Here is some info on Schmidt [microsoft.com] at microsoft.com. Looks like he has an admin-level job rather than a software engineering job. So I wouldn't blame him for how poorly coded Microsoft products are. He's involved with best practices on setting things up securely, not watching over programers making sure there's no buffer overruns in the code. Although administration and programming must overlap when it comes to real security there's only so much you can do if you're not deeply involved with the code.

Not sure whether to laugh or cry

[Ambassador Kosh]

Given how badly the government did on its last security evaluation they are hiring the company with about the worse security track record ever to help them? Isn't this like the blind leading the blind? Well I guess this gives a good indication as to what kind of "penalty" MS will get from the trial since it looks like they have managed to buy off the current administration.

This just seems like one of the most phenomenolly stupid ideas the government could make with respect to computers though given the current adminstration I am sure they could figure out some way to outdo themselves. Though I really don't want to see what they do to outdo themselves.

Hmm I heard Mars is nice this time of year ;)

This guy is clueless

[Animats]

Here's a 1998 interview [washingtonpost.com] with the guy. He's not a technical guy. He used to be a computer crime investigator with the USAF. There's a fair amount of stuff by him on the web, mostly the usual Microsoft line of "it's all your fault, not ours".

Notice in the 1998 interview that he denies that viruses in mail attachments are a problem.

Easy on him guys...

[Mustang Matt]

He was a security ADVISOR...

He could have given Microsoft all the advice in the world and if they were too lazy to implement the appropriate security measures it's not his fault.

Maybe the position at the government was his oppourtunity to get to a better place that would actually listen to him.

Re:What type of work?

[Ridge2001]

He's going to be working with Richard Clarke, which probably means he's going to make a lot of dramatic speeches about how "cyberattacks" could cause economic damage that is the "functional equivalent of 767's crashing into buildings [cnn.com]".

See here [vmyths.com] for the kind of stuff this guy's going to be working on.

Re:So you think the White House chose him at rando

[doodleboy]

Among other things, the EULA at passport.com/Consumer/PrivacyPolicy.asp?lc=1033.NE T says: Passport will disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to... Act under exigent circumstances to protect the personal safety of users of Microsoft, the .NET Passport Web Site, or the public.

How interestingly broad, given that in light of recent terrorist activities any "exigent circumstances" could be said to be met as a matter of course. And there is no doubt that all the information that's bound to be stored on .Net servers could be sifted and profiled in many fascinating ways by the intelligence community.

Kinda makes you wonder how it all fits together, given the walk Microsoft got on the anti-trust case.

Re:Not really.

[Anonymous Coward]

There is plenty of blame to go around for the Exxon Valdez oil spill.

Capt. Hazelwood was not at the wheel, or even on the bridge, when the Exxon Valdez struck the reef outside Port Valdez. Contrary to popular opinion ship Captains are not required to be "at the wheel" all the time. The ship was in what the USCG had declared was "outside pilotage" waters and a licensed USCG Merchant Marine Officer (the 3rd Mate) and a compliment of documented seamen were on watch - and at the wheel. Some seamen testified to telling the Officer on watch that the red buoy marking the limit of Bligh Reef was on their starboard side. For whatever reasons, he chose to ignore them.

Capt. Hazelwood had to go down to his office to prepare the flurry of reports that Exxon's yuppie management required every one of their Captains to prepare and send in after loading and as soon as the pilot departs the ship. Prior to leaving the bridge he instructed the Officer on Watch to return to the sea lanes (marked clearly on a radar system on the bridge) after clearing the ice. For whatever reason, this officer declined to follow those instructions.

The USCG officers who claimed he had alcohol on his breath were in an environment of heavy concentration of evaporating chemicals that was so bad that the Chief Mate (whose watch the 3rd mate was taking because the Ch. Mate had been working 36 hours straight loading the ship) testified that he had considered going back and getting a Scott Air Pack to get up the stairway to the bridge. (Compare to trying to detect alcohol on the breath of a friend while putting your nose next to the fill pipe of your car while fueling at at your corner service station.) (Hazelwood was never convicted nor was his USCG license revoked, btw.)

The USCG radar observers in Port Valdez did not make any attempt to follow the ship after the pilot disembarked at the west end of the Valdez Narrows despite warning the ship of pack ice and authorizing the ship to divert from the navigation channel to avoid the ice.

The Exxon Valdez hit Bligh Reef because the ship was undermanned (it was 900 feet long and carried a crew compliment of less than 25 people!), the crew was overworked and exhausted (and many say inexperienced), and Exxon management in Houston was micro-managing the ship with petty requirements, plus the USCG in Port Valdez did not do their jobs.

One of the after effects of this incident was that the USCG returned to the policy of requiring ships to carry an extra officer to help with navigation and loading due to the heavy burden. A policy abandoned by Exxon and the other oil companies several years prior to the accident. A further after effect was a requirement that tankers entering sensitive waters be double-hulled.

Another after effect is that the radar observers in Port Valdez now monitor the ships until they depart Cape Hinchinbrook and enter the open Pacific.

A final after effect is that Port Valdez now allows tanker Captains to return to the Port and tie up in dangerous weather. Prior to the Valdez incident they refused re-entry and required loaded tankers to either stay inside Prince William Sound and motor back and forth in the traffic lanes or depart and suffer damage (and loss of life).

The oil spill would have never caused as much pollution as it did if British Petroleum hadn't allowed the management of the Valdez terminal to decommission the recovery equipment they had promised the State of Alaska they'd keep on hand for the life of the project. They have recommissioned the oil spill equipment since the incident.

Re:It's all part of the same kind of thinking.

[bribecka]

Hire someone from a company known for its inability to make secure software, and put him in charge of what his company always did poorly.

Or, even better, people could check what in the hell they are talking about! But then again, this is Slashdot, no fact checking [go2vanguard.com] required:

Mr. Schmidt currently is the Corporate Security Officer for Microsoft Corporation, Redmond, WA. In that capacity he directs the activity of those responsible for security of Microsoft?s Information, personnel and facilities Worldwide.

Prior to coming to Microsoft, he was a Supervisory Special Agent, Director of the Air Force Office of Special Investigations, Computer Forensic Lab and Computer Crime and Information Warfare. (HQ AFOSI/CCI). Under his direction he established the first dedicated computer forensic lab in the government. The AF specialized in conducting investigations into intrusions in government/military systems by unauthorized persons in counter intelligence and criminal investigations.

Before AFOSI he was with the FBI at the National Drug Intelligence Center (NDIC) where he headed the Computer Exploitation Team as a Computer Forensic Specialist. As one of the early pioneers in the field of computer forensics and computer evidence collection, he continues to provide training support to an international audience dealing with the new challenges around computer evidence collection and processing.

He was a City police officer from 1983-1994 with the city of Chandler Police Dept. Arizona. While there he was detailed to the FBI academy teaching classes in the use of computers in criminal investigations for approximately 2 years.

Mr. Schmidt served with the US Air Force in various roles from 1967-1983 both active duty and in the civil service. He has served in the military reserves since 1989 and currently serves as a Credentialed Special Agent, US Army Reserves, Criminal Investigation Division (CID). He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet activity.

He holds a Bachelors Degree in Business Administration, (BSBA) and a Master of Arts in Organizational Management (MAOM). He also has a Technician class Ham Radio License, and a Single Engine Land pilots license.

Mr. Schmidt currently is the International president of the Information Systems Security Association (ISSA) and the recently formed IT-ISAC. He is a former executive board member of the International Organization of Computer Evidence (IOCE), served as the co-chairman of the Federal Computer Investigations Committee (FCIC). He is a member of the American Academy of Forensic Scientist (AAFS). He is an advisory board member for the Technical Research Institute of the National White Collar Crime Center. (NWCCC) and he is a distinguished special lecturer at the University of New Haven, CT teaching a graduate certificate course in Forensic Computing. He served as an augmented member to the President's Committee of Advisors on Science and Technology (PCAST) in the formation of an Institute for Information Infrastructure Protection (I3P) He is a regular international speaker in the fields of computer forensics and information assurance.

Mr. Schmidt was one of 29 industry leaders called to the White House to meet with President Clinton on cyber security and has testified before a joint committee on Computer Security and has been instrumental in the creation of public/private partnerships and information sharing iniatives.