The government's record on cyber security is so bleak that they should be looking outside for advise on risk management.
BTW.. why are we always looking for a CZAR to solve our problems. CZARs were out of touch, archaic leaders who held Russia in a feudalistic state hundreds of years after the rest of Europe had progressed. Is this our intent with cyber security?

As much as I agree with the previous post that we don't need a Czar, I also believe that more accountability is required for agency heads to fund security programs. All the banter boils down to money and IT governance. No matter what you hear in the news the typical program is not funded to accomplish the tasks laid out by FISMA, much less protecting computer systems from the top 20% of sophisticated threats. Evolutionary changes are being made, but what administration needs is a revolutionary change in the policies that govern agencies and how the expend IT Security funds. Metrics must be wrapped around the funding to ensure that everyone doesn't pull from the coffers to fund an equipment refresh that they feel is improving security. My suggestion is a working capital fund to address both IT security compliance and infrastructure. Money should be allocated annually as part of the budget planning process at the agency. OMB could provide metrics typical costs based on best practice compliance testing and services.