WASHINGTON, D.C. – Making her first public remarks since resigning as acting director for cyberspace, Melissa E. Hathaway today reiterated calls for communication and cooperation between and among private corporations and the public sector in helping to protect not only critical infrastructure, but the welfare of the U.S. economy.
"We need to invest in resiliency," Hathaway said. "We need to understand and communicate the gravity of the situation. This is our way of life. Our infrastructure is the global economy. Whether we take responsibility to address those vulnerabilities will determine the future of our economy and national security."
Hathaway was the keynote speaker Monday at ArcSight's annual user conference, Protect '09. Much of Hathaway's address touched upon points she made in the Cyberspace Policy Review, released May 29. Hathaway led the 60-day review of federal cybersecurity policies as mandated by President Obama, and was long considered a contender for the cybersecurity coordinator position before she resigned Aug. 7. Hathaway, it has been reported, was frustrated by how long the process was taking to name a coordinator.
Federal cybersecurity news:
House cybersecurity advisor calls for public-private cooperation: Melissa Hathaway delivered
precious few details about her 60-day review of the country's cybersecurity policies and structures
during her RSA Conference keynote.
Obama announces creation of cybersecurity coordinator position: The president promised to treat critical infrastructure as a strategic national asset, and that the cybersecurity coordinator would be responsible for orchestrating cybersecurity policy.
Reuters: Obama ready to select cyber security czar: Reuters reported that Frank Kramer, a former assistant Defense secretary under President Bill Clinton. is the lead candidate, according to an unidentified source.
Hathaway presented a series of grave numbers about the current state of cybersecurity. She said the underground economy is close to a $1 trillion business, and law enforcement is hamstrung in finding and prosecuting attackers, most of whom are believed to be based in Eastern Europe and Asia. She called corporate data breaches an epidemic, and expressed concern over the evolution of botnets. She said the July 4 denial-of-service attacks against 14 U.S. government websites were the equivalent of eight years worth of traffic fired at networks in a 15-minute span; more than 1 million attacks from 200,000 unique IP addresses.
More serious still are the system control vulnerabilities being introduced as critical infrastructure systems move to IP networks. She said one successful takedown attack on the energy grid could cause up to $700 billion in damage, or the equivalent of 50 hurricanes striking U.S. shores at the same time.
"All sectors are in danger," Hathaway said, pointing in particular to secondary attacks being carried out against supply chains to gain access to primary targets to steal intellectual property, or infect systems with malware that can steal data or recruit more zombie computers. Hathaway urged corporate America to move from point defenses to what she called enterprise defenses, pointing out that attacks to data and systems not only put customers at risk, but can impact reputation, brand integrity, time to market, market presence, quality of service and business continuity.
Hathaway's keynote was not all gloom and doom. She presented a list of the 14 bills before Congress related to cybersecurity; many of those have bipartisan support she said. She urged America to bring back innovation and encourage cybersecurity education in universities. She asked the government to use its power of procurement to set a higher security standard and influence standards development, in particular around planned initiatives such as the FAA's NextGen Air Transportation System, the Smart Grid, and initiatives to bring broadband nationwide.
"We need to begin national and international dialogue. It's incumbent on you to discuss the vulnerabilities and threats you're seeing on corporate networks in an open way," Hathaway said. "We need to abandon institutional prerogatives to get to a common good."