ARCHIVED 2/10/10

February 10, 2010

To view the original article please click here.


Mickey McCarter, Homeland Security, 02/10/2010

A Dutch colleague of former White House cybersecurity advisor Melissa Hathaway was traveling through Colorado when he stopped to get gas.

Unfortunately, he was bewildered by the gas pump’s request for a five-digit ZIP code as a means of secondary authentication for the transaction. He left, unable to purchase the gas.

”We had innovation to try to deal with a problem but it didn’t port across cultures and across geographies. And that’s an unacceptable innovation at the end of the day because they lost the sale and we need to have more global solutions,” Hathaway said in a press conference in Washington, DC, Tuesday.

Hathaway emphasized the next steps required for securing cyberspace in a forum sponsored by the Internet Security Alliance (ISA) about one year after the effort to draft the Obama administration report Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, later released in May 2009.

Hathaway, now president of Hathaway Global Strategies LLC, was assigned to the White House as acting cybersecurity advisor from the Office of the Director of National Intelligence (DNI) when she served as chief author of the Cybersecurity Policy Review.

To follow up on the recommendations in that review, Hathaway endorsed a national conversation, where leaders distill complex issues into simple language. She also called for global engagement and strengthened public-private partnerships to come up with more universal solutions, which would avoid difficulties such as those faced by her colleague from the Netherlands.

New models for public-private partnerships would require strong trust, appropriate laws, and smart policy, Hathaway said. Companies must embrace cybersecurity from an enterprise standpoint rather than chasing point-to-point solutions as an afterthought, she said.

”As we race to embrace, buy and integrate the newest technologies into our lives and businesses, do we really understand the vulnerability and exposure points and subsequent risks that are bundled in that purchase” Hathaway queried.

The United States also must pursue an accelerated workforce and advanced learning in cybersecurity, she asserted. Linking cyber challenges to funding for government-sponsored universities that offer cybersecurity curricula would go a long way to meeting national needs.

Legislation like the Cybersecurity Enhancement Act (HR 4061), passed by the House of Representatives last week, helps to meet the goal of boosting the US cybersecurity workforce, Hathway told

”The Cybersecurity Enhancement Act is a great piece of legislation that is going to further enhance our research and development,” she said.

The act would reauthorize and expand the Cyber Security Research and Development Act (Public Law 107-305), providing a clear agenda for US cybersecurity research, setting up public-private cybersecurity partnerships, and encouraging private investment for cybersecurity technologies.

”To the extent that we can continue to focus those cybersecurity research and development dollars toward our highest priority agenda items is important. By calling attention to it in Congress and further enhancing the funding forward it, we will continue to move that agenda forward,” Hathaway commented.

Since the release of the Cybersecurity Policy Review, the Obama administration has restated its commitment to cybersecurity, stood up a cybersecurity office within the National Security Staff, and appointed Howard Schmidt as the White House cybersecurity coordinator.

But Hathaway said that is not enough. “A lot of important staff work has been done over the last several months, but in many ways, I feel like we have lost the sense of urgency in this situation. A full-spectrum threat requires a full-spectrum response and it requires a mobilization of all of the resources that this country can bring to bear. And it requires strength, leadership, and bold steps moving forward,” she stated.

The cybersecurity coordinator will have difficult policy choices to make, Hathaway said, but he can get a lot done if he has the right allies.

”I like to view that position as the quarterback in how you harness all of the capabilities of the government. The strongest ally that position should have is within the Office of Management and Budget,” she remarked. “When I was in White House and DNI, I found that was an important partnership to have. All things begin and end with the budget.”

Hathaway spoke at an awards event held by ISA, which presented her with its McCurdy Award, its annual award for vision in cybersecurity.