Security News > 2006 > June > U.S. Cybersecurity Chief May Have a Conflict of Interest
http://www.washingtonpost.com/wp-dyn/content/article/2006/06/28/AR2006062801903.html Associated Press June 29, 2006 The Bush administration's cybersecurity chief is a contract employee who earns $577,000 under an agreement with a private university that does extensive business with the federal office he manages. Donald "Andy" Purdy Jr. has been acting director of the Homeland Security Department's National Cyber Security Division for 21 months. His two-year contract with Carnegie Mellon University in Pittsburgh has drawn attention from members of Congress. By comparison, the Homeland Security secretary, Michael Chertoff, is paid $175,000 annually. Purdy is on loan from the school to the government, which is paying nearly all his salary. Meanwhile, Purdy's cybersecurity division has paid Carnegie Mellon $19 million in contracts this year, almost one-fifth of the unit's total budget. Purdy said he has not been involved in discussions of his office's business deals with the school. "I'm very sensitive to those kinds of requirements," Purdy said. "It's not like Carnegie Mellon has ever said to me, 'We want to do this or that. We want more money.' " Some lawmakers who oversee the department questioned the decision to hire Purdy as acting cybersecurity director. They noted enduring criticism by industry experts and congressional investigators over the department's performance on cybersecurity matters. Purdy's contract "raises questions about whether the American people are getting their money's worth," Democratic Reps. Bennie Thompson of Mississippi and Loretta Sanchez and Zoe Lofgren, both of California, wrote in a letter to Republicans. Purdy, a longtime lawyer, has held a number of state and federal legal and managerial jobs. He has no formal technical background in computer security. Purdy controls a budget of about $107 million and as many as 44 full-time federal employees. He said his salary is commensurate with those of some other government contractors. Purdy's former boss and predecessor as cybersecurity chief, Amit Yoran, earned $131,342 before he resigned abruptly in October 2004. Chertoff agreed one year ago to create a position of assistant secretary over cybersecurity. The job is unfilled, a point of consternation among many security experts. Carnegie Mellon is highly regarded among experts who study hacker attacks and software flaws. The university declined to comment on Purdy's salary, citing employee confidentiality. It said it has avoided discussing government contracts with Purdy in his role as chief of the cybersecurity office that awards those contracts. The department said Purdy consulted with ethics lawyers when he signed his employment contract. Purdy is so careful about avoiding potential conflicts that he leaves the room when employees discuss contracts related to Carnegie Mellon's work, said one DHS official, who spoke on the condition of anonymity because this official is not authorized to speak with reporters. © 2006 The Washington Post Company _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
News URL
http://www.washingtonpost.com/wp-dyn/content/article/2006/06/28/AR2006062801903.html