Potential cyber chief Hathaway developing cybersecurity response plan

The Cyberspace Policy Review released by the White House last month was only the beginning of an effort being driven by President Barack Obama to reshape and strengthen the nation’s cybersecurity, according to Melissa Hathaway, who headed up the review.

Hathaway, acting senior director for cyberspace for the National and Economic Security Councils, said today her team plans to produce a comprehensive national incident response plan by the end of the year that will guide response to the cyber equivalent of a major natural disaster. The team also will be working to unravel the overlapping and sometimes contradictory laws and regulations identified in the study that get in the way of effective cooperation and responses to cyber threats.

“You can expect a dialog on this issue with the private sector,” Hathaway said at the Symantec Government Symposium in Washington. “You will also see us working with Congress because many issues will require a legislative fix.”

As a result of the Cyberspace Policy Review, Obama announced last month the creation of a White House office of cyberspace coordinator, who will oversee government cybersecurity policy.

Hathaway on June 12 told GCN's sister publication, Federal Computer Week, that she is a candidate for the White House cybersecurity coordinator position. According to Hathaway, officials hope to select a cybersecurity coordinator in the coming weeks, but no definite date had been set.

“In the coming weeks there will be an announcement of a cyberspace coordinator,” Hathaway said. She said the president is personally engaged in the selection, which should be made soon.

The efforts reflect what Hathaway called an ‘”unprecedented level” of presidential leadership in cybersecurity. It is being established as one of Obama's management priorities, which means performance metrics are being established that will make department heads, not just chief information officers, accountable for their agencies’ security posture.

Hathaway illustrated the scope of the cybersecurity issue with a familiar litany of challenges. The Internet and its associated information infrastructure now underpin much of the global economy and are essential to continued economic growth. However, it has expanded in scope and functionality at a pace that has outstripped efforts to secure it.

“It is not secure enough nor is it resilient enough to be move us forward,” she said. “We are faced with a dangerous combination of known and unknown vulnerabilities.”

The infrastructure is being challenged and attacked not by amateurs, but by professional criminals and spies backed with substantial resources.

There are no coordinated plans for protecting the critical infrastructure or responding to incidents, either by government or the private sector, she said. At the same time, three of the most important initiatives in moving the nation’s economy ahead — building out universal broadband networks, a smart energy grid and electronic health records — are all threatened by these vulnerabilities and exploits.

“These are some of the things that keep the president up at night,” Hathaway said.

The incident response plan will be vetted by the Homeland Security Department and private industry, and Hathaway said a wiki might be established to allow the private sector to collaborate in its development.

Difficult issues of liability and confidentiality will have to be resolved to enable the kind of pubic/private partnership that everyone agrees is necessary to improve cybersecurity. “We can no longer talk about a public-private partnership, but need to act on it,” she said.

Greater international cooperation also is needed, and achieving this will require establishing common standards of behavior in cyberspace. Norms need to be established for defining criminal activity, warfare and terrorism, so that appropriate responses can be agreed upon, she said.

And to achieve all of this, a greater pool of manpower and expertise is required. Educational efforts must be extended past universities into primary and secondary schools to provide an adequate flow to the pipeline.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • connected vehicles

    4 connected vehicle apps Michigan is testing right now

Reader Comments

Wed, Nov 11, 2009 cstumpff

You people are forgetting what we just learned from the financial crisis. It doesn't matter how good something works. All that matters is how good something FAILS. Every lock will fail at some point. Technologies, like PKI, can not be the central theme in attempting to secure our infrastructure. Monitoring, redundency and incident response should be primary. We should put our money into resilience, not try to build bigger better locks.

Thu, Jun 18, 2009 Jeffrey A. Williams

I also want to know how and whom will be implimenting whatever set of rules or
standards are arrived at. This said indeed PKI is one way to go but the encryption will need to exceed current NIST standard or there will be breaches galore.


Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"YES WE CAN!" Barack ( Berry ) Obama

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
My Phone: 214-244-4827

Wed, Jun 17, 2009

PKI (Public Key Infrastructure)from an ECA Trust Center with high encryption and 2 factor authentication is the only way to secure the Internet! 3 factor would the best remedy. THINK! ORC/WIDEPOINT

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group