February 9, 2010

To view the original article please click here.


Jim Garrettson, The New New Internet, 02/09/2010

The Internet Security Alliance (ISA) has awarded Melissa Hathaway the Dave McCurdy Internet Security Award, in recognition of her contribution to strengthening cyber security. The award recognizes Hathaway’s contribution to US national cyber security in her role in conducting the Cyberspace Policy Review and her ongoing efforts to raise cyber security awareness.

“No one in 2009 did more than Melissa Hathaway,” said Mike Hickey, 1st Vice Chair of the Board of Directors of ISA. During his opening remarks, Larry Clinton, president and CEO of ISA, said that investment in cyber security is going down, yet we know how to stop or mitigate 80-90 percent of the threats we currently face.

Hathaway believes that there is no longer a sense of urgency surrounding cyber security. “I feel like we have lost the sense of urgency of the situation,” she said.

During her remarks, Hathaway highlighted a number of areas where the US cyber security effort needs improvement. The main key areas she discussed were leadership, partnerships, education and innovation.

Leadership starts with a conversation and awareness of the issues at hand. The leaders in this area need to be transparent about the threats and vulnerabilities. All sectors involved in cyber security need to facilitate information sharing.

The need for partnerships between all entities in the cyber arena, from governments, to companies, to individuals, is central to cyber defense. The recent cyber attacks against Google which took place in December, only serve to bring the issue into focus.

The Google attacks demonstrate that the “private sector is on the front lines of an already raging cyber war,” said Clinton.

Hathaway recognized some of the difficulties with building effective partnerships. In public-private partnerships, “we don’t do a very good job at translating the problem,” Hathaway said.

The obstacles to partnerships don’t stop with public-private but extend throughout the possible partnership networks. How do we ensure that the information which is shared regarding vulnerabilities or breaches won’t be leaked to the press How do you get common ground across national borders

A central question Hathaway raised was how do we identify the impediments to building partnerships so that we can effectively address them Hathaway believes that the central impediments are trust, law and policy. Once the issue of trust is effectively addressed, it will be easier to overcome the legal and policy issues.

Another important consideration is the issue of resiliency. Hathaway called for resiliency and recovery to be built into our systems. Organizations, the government and individuals need to plan and practice contingency operations in the event of a cyber disaster.

Innovation was another central theme of Hathaway’s remarks. She told a story about a colleague who visited from the Netherlands who was unable to withdraw gas using a credit card because his area code was not linked to his credit card account. The system developed to combat credit card fraud was poorly designed because it failed to span across cultures and societies.

Finally, Hathaway discussed the importance of education, not only in our present workforce but also in future generations. She advocated for increasing the offerings of internships and scholarships for individuals at the high school and university levels to create the next generation of cyber professionals.

Hathaway’s remarks raise a number of important considerations, which if effectively investigated and addressed, could move US cyber security forward in a positive direction.