Melissa Hathaway, former acting senior director for cyberspace for the National Security and Homeland Security councils, spoke of the need for better public-private cooperation at a cybersecurity panel in Washington last week.
“Thank god for Akamai, who redirected a lot of the bandwidth and kept the Department of Transportation and NYSE up and running,” she said, referring to the DDoS attacks on the U.S. government earlier this year. Hathaway highlighted the importance of moving forward on enacting the 25 recommendations included in the cybersecurity report she delivered to the White House.
Her remarks followed the same theme as the speech on cybersecurity threats she delivered to the ArcSight Conference earlier this month.
Hathaway was proud of the attention that the Obama administration has paid to the issue, observing that when President Obama spoke, it was “the first time the leader of any country spoke about cyberspace or cybersecurity for any length of time.” Obama’s speech on cybersecurity is embedded below.
Hathaway noted that cybersecurity threats are a personal issue to the president, referring to attacks against his BlackBerry, and to his staff, given “their data breaches, and policy documents that he lost.”
“Many people don’t realize their computer is already infected by a botnet” she said, emphasizing the importance of raising awareness of the risks. “How many people realize that when they buy a thumb drive that it comes with extra executables for marketing purposes to send data home?”
Hathaway called endemic data breaches in the business world “one of the biggest secrets that no one is talking about publicly” and drew attention to a rising tide of electronic fraud worldwide. “In Bulgaria,” she said, “one of our colleagues said you can’t withdraw cash at an ATM unless you have your cellphone and it geolocates you.” How many people now have to put ZIP codes in for gas? “That’s because POS terminals have been hijacked.”
Cybersecurity threats extend beyond fraud, identity theft and data breaches. “There is generally a lack of agreement about what is a crime in cyberspace, much less what is an act of war,” Hathaway said. “In the event of a digital disaster, who is going to restore the infrastructure?” Also key: Who will pay? “It’s not going to be the government,” she said, at least not under current Federal Emergency Management Agency frameworks. “There’s no equivalent of a national disaster in cyberspace yet.”