Potential cyber chief Hathaway developing cybersecurity response plan
The Cyberspace Policy Review released by the White House last month
was only the beginning of an effort being driven by President Barack
Obama to reshape and strengthen the nation’s cybersecurity, according
to Melissa Hathaway, who headed up the review.
Hathaway, acting senior director for cyberspace for the National and
Economic Security Councils, said today her team plans to produce a
comprehensive national incident response plan by the end of the year
that will guide response to the cyber equivalent of a major natural
disaster. The team also will be working to unravel the overlapping and
sometimes contradictory laws and regulations identified in the study
that get in the way of effective cooperation and responses to cyber
“You can expect a dialog on this issue with the private sector,”
Hathaway said at the Symantec Government Symposium in Washington. “You
will also see us working with Congress because many issues will require
a legislative fix.”
As a result of the Cyberspace Policy Review, Obama announced last
month the creation of a White House office of cyberspace coordinator,
who will oversee government cybersecurity policy.
Hathaway on June 12 told
GCN's sister publication, Federal Computer Week, that she is a
candidate for the White House cybersecurity coordinator position.
According to Hathaway, officials hope to select a cybersecurity
coordinator in the coming weeks, but no definite date had been set.
“In the coming weeks there will be an announcement of a cyberspace
coordinator,” Hathaway said. She said the president is personally
engaged in the selection, which should be made soon.
The efforts reflect what Hathaway called an ‘”unprecedented level”
of presidential leadership in cybersecurity. It is being established as
one of Obama's management priorities, which means performance metrics
are being established that will make department heads, not just chief
information officers, accountable for their agencies’ security posture.
Hathaway illustrated the scope of the cybersecurity issue with a
familiar litany of challenges. The Internet and its associated
information infrastructure now underpin much of the global economy and
are essential to continued economic growth. However, it has expanded in
scope and functionality at a pace that has outstripped efforts to
“It is not secure enough nor is it resilient enough to be move us
forward,” she said. “We are faced with a dangerous combination of known
and unknown vulnerabilities.”
The infrastructure is being challenged and attacked not by amateurs,
but by professional criminals and spies backed with substantial
There are no coordinated plans for protecting the critical
infrastructure or responding to incidents, either by government or the
private sector, she said. At the same time, three of the most important
initiatives in moving the nation’s economy ahead — building out
universal broadband networks, a smart energy grid and electronic health
records — are all threatened by these vulnerabilities and exploits.
“These are some of the things that keep the president up at night,” Hathaway said.
The incident response plan will be vetted by the Homeland Security
Department and private industry, and Hathaway said a wiki might be
established to allow the private sector to collaborate in its
Difficult issues of liability and confidentiality will have to be
resolved to enable the kind of pubic/private partnership that everyone
agrees is necessary to improve cybersecurity. “We can no longer talk
about a public-private partnership, but need to act on it,” she said.
Greater international cooperation also is needed, and achieving this
will require establishing common standards of behavior in cyberspace.
Norms need to be established for defining criminal activity, warfare
and terrorism, so that appropriate responses can be agreed upon, she
And to achieve all of this, a greater pool of manpower and expertise
is required. Educational efforts must be extended past universities
into primary and secondary schools to provide an adequate flow to the