Mike Steinmetz describes himself as, “kind of a Renaissance man.” A Renaissance man is precisely the right kind of person for the job as Rhode Island’s first Cybersecurity Officer and Advisor to the Governor on Homeland Security. He likes music, flying and hikes in the woods with his spouse. “I have a grounding in liberal arts and music. I do appreciate a lot of things,” Steinmetz said. In the treacherous and constantly shifting landscape of internet security, his well-rounded experience allows him to see the forest for the trees.
Steinmetz presents a humble description of his accomplishments. “I had a bucket list. I wanted to play music. I wanted to fly planes. I wanted to do the spooky stuff in government. I wanted to be a captain of industry.” Looking at his impressive curriculum vitae, which includes a Bachelor of Music Education from the Peabody Institute of Johns Hopkins, two years as director of mining for the Supreme Allied Commander Atlantic of NATO, a captain in the US Navy, a deputy chief of staff for the NSA, and multiple titles related to digital security strategy for an international energy and utility company, he has had the opportunity to scratch all of those items off his list.
Steinmetz attributes his ability to stay ahead of the seemingly unimaginable and ceaseless cyber-threats to Rhode Island government agencies, infrastructure and industries to the career-long training of the people who work in his office. Additionally he described leadership information sharing within a well-developed network of sector-based groups known as Information Sharing and Analysis Centers (ISAC). These groups of stakeholders communicate concerns and knowledge with one another in order to ensure the most up-to-date risks and strategies are made available for all at-risk sectors.
Steinmetz was appointed by Governor Raimondo on April 18, 2017, as the state’s first cybersecurity officer. When asked about the uniqueness of the position among states, he said, “Our governor is very close to Terry McAuliffe in Virginia, who has done a great job with cybersecurity. [Raimondo] has taken a play or two out of his playbook.” Steinmetz went on to talk about Raimondo’s May 25, 2017, executive order, establishing Rhode Island’s first Homeland Security Advisory Board. The seven-member board, with Steinmetz, provides strategic guidance to the governor on homeland security and cybersecurity issues, working with the State Police, the Emergency Management Agency, the Rhode Island National Guard, the Division of Information Technology and other stakeholders. Rhode Island is, of course, more than just a state government. And that is where the joint cyber-task force, led by Rhode Island State Police Captain John Alfred, comes into play. The group melds private sector and public sector, throughout the cities, towns and municipalities in Rhode Island, giving them a voice, in Steinmetz, at the governor’s level.
As an interviewee, Steinmetz was affable and charming. It is obvious he not only possesses the bona fides to strategize and manage the state’s digital security, but also to deftly exercise public relations. Nothing he said failed to check out. Yet, his finesse when answering the most obvious question, “What do you see as Rhode Island’s biggest cyber security threat or challenge?” was met with a response both entirely true and simultaneously guileful. He talked about different levels of digital savvy, much of it based on generational differences. He cited Marc Prensky and his writing on “digital natives” versus “digital immigrants,” regarding those who were born into a digital world and those onto whom a computerized world has been thrust. While such a concept is undeniably accurate, it reveals the “spooky government” side of the RI cybersecurity officer demonstrating his adroitness at answering the question thoroughly, but sparing the gory details.
For example, if you are reading this, there is a good chance your social security number, recent purchasing history, credit reports, employment history and much more are in the hands of foreign adversaries, by way of a breach in the cybersecurity of Equifax. Steinmetz did not mention this. Here is another example. At a recent conference in Chicago, the structural failures in America’s voting systems were explained by Gregory Miller, co-founder and chief development officer of OSET Institute, a non-profit organization dedicated to analyzing the major deficiencies in US voting systems. Miller said that the flaw lies in the servicing contracts on voting machines, relying on replacement parts manufactured in Asia. Another key flaw is the reliance on voting data processed on modifiable personal computers using software that is always being updated. Again, the cybersecurity officer did not bring this up.
What Mike Steinmetz did say, however, is true and merits attention. He said, “I have to say, security is a journey. But, the journey is cultural … Really, it is about people and creating an informed citizenry. If the people are not well-informed, then the best intentions have sub-optimal results.” Steinmetz is an eminently qualified individual for a position that is critically important to Rhode Island. If anyone is up to the task, it is him. However, his message is that we all need to play our part in protecting the homeland. And, our homeland now includes cyberspace.