Exclusive: Apple Taps Former Navy Information Warrior for Global Director of Security

Apple has tapped security expert and author David Rice to be its director of global security, several sources have confirmed to me. He’s expected to start at Apple in March.

Apple hasn’t returned calls seeking comment.

There’s no word yet about what precisely Rice’s job will entail, and knowing secrecy-obsessed Apple, there likely won’t be. But it’s not hard to make a reasonable guess.

With iPhones and iPads penetrating the enterprise in ever more impressive numbers, companies want to know they’re secure.

Late last year Apple started working with Unisys to help it sell Apple products to corporations and government agencies, all of which are concerned about the security implications of iPhones and iPads running on their networks.

Those who know Rice describe him as a deeply respected name in IT security circles who not only can speak the kind of language that makes CIOs comfortable, but can also back up that language with the skills and knowledge to match.

Rice hasn’t yet responded to my messages seeking comment, but his bio is fascinating. He’s a 1994 graduate of the U.S. Naval Academy and has a master’s degree in Information Warfare and Systems Engineering from the Naval Postgraduate School. He served as a Global Network Vulnerability analyst for the National Security Agency and as a Special Duty Cryptologic officer for the Navy.

His LinkedIn profile says he’s executive director of the Monterey Group, a cybersecurity consulting firm. He’s also on the faculty of IANS, an information security research company.

He also works with the U.S. Cyber Consequences Unit, a nonprofit organization that researches the potential for cyber attacks and their impact. Before that he worked for the security firm Neohapsis.

His 2007 book, “Geekonomics,” has been described as the software industry’s equivalent of Ralph Nader’s “Unsafe at Any Speed.” In it he argues that software is modern infrastructure–just like a bridge (hence, the picture on the cover)– and if it’s poorly made or insecure, it constitutes a public hazard.

Those who buy software–consumers, corporations and governments–end up being “crash test dummies” for an industry with no accountability for losses incurred by their customers, he argues.

He goes on to peg the costs of patching faulty software at $180 billion a year, and says that’s probably conservative. Patching software for security weaknesses takes capital that might be used for other, more productive, things.

His solution? Taxes. In a 2008 interview with Forbes, he compared security vulnerabilities in software to the unavoidable pollution emitted by factories. Since software can never be perfect, a “bug tax” keyed to the number and severity of software bugs discovered would create an incentive for better quality control.

Rice would be the latest in a string of high-profile security hires at Apple.

Last March, it hired Window Snyder, the former security chief at Mozilla, as its senior product manager for security, and in 2009 it hired Ivan Krsti?, the former head of security for the One Laptop Per Child project, to work on core security for Mac OS X. Jon Callas, the former CTO of encryption software maker PGP, now a unit of Symantec, joined Apple last year.