ARCHIVED 2/17/10

February 17, 2010

To view the original article please click here.


Rebecca Neal, The Federal Times, 02/17/2010

The federal government is losing “the sense of urgency” in the cybersecurity battle, says the author of the Obama administration’s 2009 cybersecurity report.

Melissa Hathaway, former acting cybersecurity chief, said private and public organizations must work together and take “bold steps forward” to protect vital computer systems and restore that sense of urgency. The discussions over how best to secure the government’s networks can’t take place just in Washington but should be a national dialogue, she said.

”We need to have a lot more people outside the Beltway talking about what’s happening and what they’re going to do about it. We need to tell simple stories [about cybersecurity] so everyone can talk about them at the water cooler and dinner table, and relate to them,” she said.

Hathaway, now a cybersecurity consultant, received the Internet Security Alliance’s Dave McCurdy Internet Security Award on Tuesday, honoring her work in conducting the administration’s cyberspace policy review. The review, released last spring, called cyberspace a “strategic national asset” and said more investments in education and technology are needed to protect critical systems.

The review also called for the creation of a White House cybersecurity coordinator, or “czar.” Obama named Howard Schmidt, the Bush administration’s cybersecurity chief, as the cybersecurity czar in December.

Schmidt is well-qualified for the job, Hathaway said at the award presentation in Washington. She called the cybersecurity czar the “quarterback” harnessing the government’s abilities to respond to cyber attacks. Schmidt will need to make himself known around the White House in order to build his influence and secure needed funding, she said.

”The strongest ally that person needs is within the Office of Management and Budget. That’s an important partnership to have because that is where all things begin and end with the budget,” she said.

Hathaway said interagency communication is crucial to sharing best cybersecurity practices and recognizing possible cyber attack patterns, but some officials may be hesitant to share information for fear of bad publicity.

”How can we be sure sharing vulnerable data from one agency to another will be kept confidential and not appear in news outlets the next day” she asked.

Hathaway said the U.S. government must work with other countries and with companies to innovate and strengthen security, though information technology managers must keep in mind how different IT solutions would work in different states or countries.

She said a colleague from the Netherlands wasn’t able to purchase gas using a credit card in Colorado because he didn’t have a ZIP code to enter to validate the card; many gas stations require customers to enter the ZIP code matching their accounts to prevent credit card fraud. She said that example shows an IT solution that didn’t meet the needs of a global audience.

”That’s an unacceptable innovation, because at the end of the day, they lost the sale. We need to have better innovations,” she said.