SAN FRANCISCO -- Having made no public comments during the past two months, Melissa Hathaway took center stage Wednesday at the 2009 RSA Conference to deliver a high-level summary of her team's 60-day review of the country's cybersecurity policies and structures.
Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils, is thought to be a candidate for the national cyber advisor, a White House-level position that would oversee U.S. cybersecurity and institute the mechanisms for information security cooperation domestically and internationally.
"The White House must lead the way forward with leadership that draws upon the strength, advice and ideas of the entire nation," Hathaway said.
She stressed that the United States must ground itself as a leader in addressing vulnerabilities in cyberspace, and that no one government agency has a broad enough perspective to lead this effort. Hathaway's statements seemed to quash concerns that responsibility for cybersecurity would be handed over to the National Security Agency, reaffirming earlier statements made by director Lt. General Keith Alexander. The NSA chief told RSA Conference attendees a day earlier that the NSA had no interest in running cybersecurity for the country.
Hathaway added that the government must be vigilant in securing critical infrastructure, such as water, communications and the electrical grid. This also includes cooperation with the private sector, which designs, builds, owns and operates most of the infrastructure in use.
"Government and industry leaders, both here and abroad, need to delineate roles and responsibilities, balance capabilities, and take ownership of the problem to develop holistic solutions."
Hathaway's report on the state of U.S. cybersecurity was delivered to President Barack Obama on Friday; she said the results should be made public in the coming days. Hathaway said the review touches on every facet of government networks, including the missions of computer network defense, law enforcement investigations, military and intelligence activities, and how those intersect with information assurance, counterintelligence, counterterrorism, telecommunications policies and general critical infrastructure protection.
Hathaway's team of government cybersecurity experts identified more than 250 needs, tasks and recommendations, she said. She also requested that government agencies identify new or existing requirements they may have. She added that her team connected with the security industry, academia, civil liberties and privacy entities, state governments and executive branches of government.
"Our outreach involved unprecedented transparency and engagement for a National Security Council initiative and having come from the private sector myself," Hathaway said, "I recognized it was vital to the review's overall success.".
During the Bush administration, Hathaway served as senior advisor to the Director of National Intelligence, John Michael McConnell, chaired several cybersecurity-related groups and helped develop the Comprehensive National Cybersecurity Initiative (CNCI). The CNCI plan is a $40 billion classified plan that has 12 components, including the Trusted Internet Connections (TIC) program. TIC's goal is to trim the number of connections from federal computer systems to outside networks from more than 4,000 to fewer than 100. The Einstein system, a network-monitoring tool used by DHS to monitor and analyze traffic moving through federal networks, is a key component of TIC.