Howard Schmidt, the front-runner to become the Bush administration's top cybersecurity adviser, is leaving US government service after only 17 months.
Schmidt, the former chief security officer at Microsoft, played a key role in drafting the Bush administration's National Strategy to Secure Cyberspace, which was released in February.
He has also been an important figure in the administration's efforts to work the private sector, which owns and operates more than 85% of the US's critical infrastructure systems and facilities.
In an informal letter of resignation e-mailed to friends and colleagues, Schmidt praised the work of the president's Critical Infrastructure Protection Board and said he will work to ensure a smooth transfer of projects now in progress.
"With the historic creation of the Department of Homeland Security, the transfer of many of the responsibilities from the Critical Infrastructure Protection Board to DHS and the release of the strategy, I have decided to retire after approximately 31 years of public service and return to the private sector," Schmidt wrote.
"While significant progress has been made, there still is much to do," he said.
"It is the role of industry to take the lead in the implementation of the strategy and the creation of the mosaic of security. To accomplish this will require real time solutions, not just reports and plans that take years to implement [and] have limited value in dealing with the tremendous vulnerabilities that exist here and now.
"Each sector, each enterprise, each company and each user must do their part to secure their piece of cyberspace."
Alan Paller, director of the SANS Institute, said he was saddened by Schmidt's decision to leave. "He was the one representative from industry that actually understood the way attacks are launched and what needed to be done to stop the attacks."
"The nation as a whole is much better at responding to cyber attacks then at any time in the past, but cybersecurity cannot now be reduced to a 'second tier' issue," Schmidt wrote.
"It is not sufficient to just respond to attacks, but rather proactive measures must also be implemented to reduce vulnerabilities and prevent future attacks."