Melissa Hathaway, the Acting Senior Director for Cybersecurity for the National Security and Homeland Security Councils, today gave RSA Conference attendees in San Francisco a glimpse - what she called a "movie trailer" - into the state of U.S cybersecurity.After delivering her report to President Obama last Friday,
According to Hathaway's 60 second trailer, the key to a cyber secure future lies in cooperation between the public and private sector and a united effort on both a hyperlocal front as well as globally.
A Manhattan Project to Defend Cyber Networks
Melissa Hathaway came across our radar recently when President Obama tasked the former Bush administration aide with leading a 60-day review of Bush's Comprehensive National Cybersecurity Initiative; a largely classified, purported $30 billion, multi phase plan to address cybersecurity issues that Hathaway was involved in developing. The initiative was promptly dubbed 'a Manhattan Project to defend cyber networks' by the then Secretary of Homeland Security, Michael Chertoff.
The CNCI, which began as a directive from President Bush in January 2008, received much criticism and, in part, led to Obama attacking the Bush administration during his campaign for not efficiently addressing cyber threats. "As president, I'll make cyber security the top priority that it should be in the 21st century," Obama said during a speech in July.
Unfortunately, as pointed out by Siobhan Gorman in the Wall Street Journal, the decision to hold a 60-day review suggests that any big move in the field of national cybersecurity was once again put off. Or was it?
Who is to Blame for Internet Security Problems?
"Despite all of our efforts," Hathaway began, "our global digital infrastructure, based largely on the Internet is not secure enough or resilient enough for what we need today and what we need for the future."
She explained that the original design of the Internet was driven more by considerations of interoperability rather than security, and as a result we are now faced with almost insurmountable issues. Some examples include online criminals who steal our information, mass bandits who have the ability to damage portions of our internal infrastructure, and the recent ATM scam that law enforcement sources claim is one of the most frightening and well coordinated heists they'd ever seen. "In a single 30 minute period," Hathaway said, "138 ATMs in 49 cities around the world were illicitly emptied of their cash." This can't continue she explained, "Our goals depend on trust and that cannot be achieved if people believe they are vulnerable to these types of threats."
The Trailer for the Path to National CyberSecurity
We need an agreed way to move forward which involves shared responsibility, Hathaway noted, if we are to have "trustworthy, resilient, reliable" cyberspace.
Describing cyberspace and its security as "a fundamental responsibility of our government that transcends the jurisdiction of individual departments and agencies," Hathaway explained that although each government agency has a unique contribution to make, no single agency can see the overall picture and they'll need to work together.
Additionally, the private and the public sectors need to join forces as they are "intertwined" when it comes to cybersecurity. "While it is the role of the government to protect its citizens, it is the private sector that in the main designs and owns the majority of the digital infrastructure," she said.
Finally, Hathaway sees this as a unique opportunity for the United States to work with countries around the world, and with organizations on an extremely local level. "We cannot succeed if our government works in isolation," she added. It requires "leading from the top" from the White House, to government departments, to the private sector, the C-Suite, and even deeper, to the local classroom and library.
Hathaway said that her report, the culmination of a 60-day comprehensive review to assess U.S. cyberspace policies and structures, will be made public in the next few days after the administration has had a chance to review the data.