SAN FRANCISCO — President Obama’s acting senior director for cyberspace security, Melissa Hathaway, made the public speech of her new role here at the RSA Conference, dropping a few hints on her forthcoming, and closely anticipated, report on federal cybersecurity policies and initiatives.
But if security industry observers were looking for an early peek at Hathaway’s findings, they’re likely to have gone away disappointed.
In February, Obama ordered a 60-day review of federal cybersecurity policies, led by Hathaway, a former executive with the consulting firm Booz Allen Hamilton, and more recently, a senior adviser to the Director of National Intelligence. She also chaired the National Cyber-Study Group, a senior-level interagency body that was instrumental in developing the Comprehensive National Cyber-Security Initiative (CNCI).
While Hathaway’s report is completed, she said it won’t be made public until it’s been reviewed by the president and his staff.
Still, she did give a “Hollywood trailer” version of it here at the conference — along with an admission that the administration will have its work cut out for it in shoring up the nation’s network security.
“Cyberspace won’t be secured overnight and on the basis of one good plan,” she said. “As they say, this is a marathon, not a sprint. But with this review, we have taken the first steps to make real and lasting progress.”
Getting started soon on making progress might make a lot of sense, especially considering the high-profile breaches that the nation is reported to have suffered at the hands of cyberspies. In recent days, hackers stole data on a U.S. warplane, while the nation’s electrical grid also suffered a cybersecurity breach, according to reports.
Sharing the load
Several of Hathaway’s findings echoed earlier comments and recommendations by legislators or policy advocates.
She said the private sector needs a bigger role in securing cyberspace, and that responsibility for the protection of federal computer networks and systems should be handled by a number of agencies, with the White House coordinating the overall effort.
Hathaway pointed out that the Internet had originally been designed in a bygone era, where the system’s focus had been more about interoperability and compatibility than for security.
With those days now long past, it’s become the federal government’s “fundamental responsibility” to address strategic vulnerabilities in cyberspace, she said, adding that the government also has to ensure the United States and the world realize the full potential of information technology.
Complicating matters is that no one government agency can do it — they all have to work together, she said. The White House must lead the initiatives, along with state and local governments, and it must be done in such a way that the American people can appreciate the need for action, according to Hathaway.
“Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law,” she said. “We need to demonstrate abroad and here at home that the United States takes cyberspace issues, policies, and activities seriously. Achieving this vision requires leadership and commitment from the highest levels of government, industry and civil society.”
The United States must also work with countries around the world to secure the digital infrastructure, since the Internet is borderless.
“The U.S. cannot succeed in security cyberspace if our government works in isolation,” she said. “We need to work with countries around the world.”
RSA runs through Friday.