RealTime IT News

Hathaway: Feds Starting to Get Cybersecurity

NATIONAL HARBOR, Md. -- In her first public address since leaving the White House, Melissa Hathaway issued an urgent warning about the severity of the cyber threats facing America's digital networks, a message she tempered with a cautious optimism about the mounting political will toward addressing the challenges.

Hathaway, the former White House acting senior director for cyberspace, resigned in August after leading a sweeping review of the federal cybersecurity apparatus that President Obama commissioned in February.

"The speed, scale and solutions need to outpace our opponents, and we're not doing a very good job right now," she said this morning at the ArcSight Protect 09 security conference. "The threat is outpacing our defenses. It's growing at a volume and velocity never imagined before."

Hathaway said that her review found that some federal laws and policies have created an uncertainty in the private sector that has hindered the sort of cooperation that she said is essential for an effective cybersecurity policy.

Many members of the private sector told her team that they were leery of sharing sensitive security data with the government for fear that it could become public under the Freedom of Information Act, for instance.

"During the 60-day policy review, we learned that there was a perceived weakness of FOIA," she said.

Similarly, many companies said they are reluctant to work together when facing a common threat, such as the recent Conficker worm, owing to uncertainty about the collusion restrictions in U.S. antitrust law.

For her audience at today's conference, which had a healthy contingent from the private sector as well as government security professionals, Hathaway had an urgent warning.

"We're seeing that corporate data breaches are at almost epidemic levels," she said, mentioning the massive Heartland and TJ Maxx breaches as just two high-profile examples of a snowballing problem.

"There's a lot at stake if you don't start to move from a point defense to an enterprise defense and if you don't start to raise awareness of all your employees and your customers," she said. "It's beyond your quarterly earnings. It's your survival."

Hathaway spoke of the need to "close the innovation gap," urging policymakers to take steps to promote cybersecurity research and education.

While Hathaway often spoke in dark terms about the severity of the threats and the sluggish response of policymakers, she pointed to several encouraging signs that members of government are getting serious about the issue.

President Obama helped elevate the issue in May when he gave a 20-minute speech in the East Room of the White House to accompany the release of Hathaway's report, guaranteeing that cybersecurity policy would be the subject of nationwide media attention, at least for a day.

"We spent the last several years getting cybersecurity to the national forefront," said Hathaway, who had previously served as an intelligence official in the Bush administration after a long career in the private sector, including, most recently, a stint as principal at the consulting firm Booz Allen Hamilton.

In Congress, there are at least 14 bills pending that address various aspects of cybersecurity, many of which enjoy bipartisan support, which Hathaway took as another positive indication.

"You can see that there's a lot of unity of effort up on the Hill," she said.

That sentiment was echoed by one of the congressional staffers who is in the thick of the cybersecurity policy debate in a panel discussion following Hathaway's speech.

"You are seeing [a] really fantastic and kind of rare bipartisanship on the Hill," said Sameer Bhalotra, the lead cybersecurity staffer on the Senate Select Committee on Intelligence. "Most of the debates are not partisan."

Coordinating with Congress figures to be one of the key roles of the new White House cyber coordinator, a position Obama said he planned to create in his May speech. Obama has yet to fill the role, though Federal CTO Aneesh Chopra said last week that he had been interviewing candidates, fueling speculation that an announcement could be forthcoming as early as this week.

An unconfirmed Reuters report named Frank Kramer, a former assistant Defense secretary in the Clinton administration, as the top candidate, citing a source with "direct knowledge of the matter."