Melissa Hathaway spoke to a crowd of over 1,000 at a lunchtime address during the Symantec Government Symposium last week in Washington, D.C. President Obama appointed Hathaway on Feb. 9 as White House Acting Senior Director for Cyberspace for the National Security Council (NSC), and, until it was merged out of its painful existence on May 26, the Homeland Security Council (HSC), a Bush-era creation.
Obama directed Hathaway to conduct a comprehensive 60-day Cyberspace Policy Review, which was released on May 29. Obama is expected to name a permanent “cybersecurity czar” to implement the report’s recommendations.
The White House quelled turf speculation over the reporting structure for the impending U.S. cybersecurity position by quietly “merging” the HSC into the NSC on May 26, just three days before releasing the cybersecurity policy review.
The CSIS cyberspace review group, which was commissioned in August 2007 during the Bush presidency, delayed publication of the review until immediately after the 2008 presidential election. As readers of the document know, it contains significant criticism of the Bush-era DHS.
Hathaway’s report had been critical of the Homeland Security Council, again echoing the December 2008 CSIS report, which, among many others, was critical of the DHS. The HSC, with a staff of 250 mirroring NSA’s “twin” staff of about 250, produced almost identical “directives,” and seemed to many a duplicative and redundant Bush-era institution.
In her remarks, Hathaway raised several key issues with the audience, including:
- Private-sector data sharing: Although required to effectively detect and combat cybercrime, this can be wrongly, in her view, seen as an antitrust violation.
- Whether, when an organization puts its data in the cloud, it gives up its fourth amendment privacy rights.
- The unfinished legislative review work cited in a footnote in the 60-day cybersecurity review and the need for comprehensive legislative reform, which can be interpreted as a signal to backers of evolving state and federal legislation that their initiatives may be superseded.
- A national ad campaign on cybersecurity awareness, like the Smokey the Bear campaign.
- In terms of immediate priorities, that a national incident response plan is to be completed by end of year.
- That government also needs to work with the international cybersecurity community.
Hathaway, a top contender for the permanent White House post, confirmed that she is currently “in the interview process” for that position, which, she stated in an interview Tuesday, she hopes “will conclude in the next few weeks … and be resolved favorably.”
The daylong symposium consisted of 20 separate breakout sessions instructed by over 100 panelists, a veritable “who’s who” of highly influential cybersecurity-related officeholders in the current administration or Congress, plus a few luminaries in the world of IT security.
As a measure of industry optimism regarding future government spending on cybersecurity, Enrique Salem, CEO of Symantec’s $5 billion business, was among the symposium speakers, who also included:
- Steven Shirley, executive director, Department of Defense Cyber Crime Center
- Eran Feigenbaum, director of security, Google Apps
- Mischel Kwon, director, United States Computer Emergency Readiness Team (US-CERT), National Cybersecurity Division, Department of Homeland Security
- Jeremy Warren, chief technology officer, Department of Justice
- Peter Mell, senior computer scientist, National Institute of Standards and Technology
- Jacob Olcott, subcommittee director, U.S. House of Representatives Homeland Security Committee
- Jim Jaeger, director, cyber defense and forensics, General Dynamics
Other panels included key contributors to the highly influential December 2008 CSIS report on securing cyberspace. Hathaway’s White House Cyberspace Policy Review footnotes the CSIS report eight times, more than any other source listed among the document’s 67 total footnotes. On June 1, CSIS released a comparison of its 25 original recommendations with Hathaway’s report, noting that 17 of the 25 were adopted by the White House report.
When questioned Tuesday at the Symantec symposium, former CSIS commission members smiled knowingly and declined to name any of the other individuals currently under consideration for the permanent White House post besides Hathaway.
These panelists, cited in the CSIS report as contributors, included:
- Sameer Bhalotra, a career professional staff member of the U.S. Senate Select Committee on Intelligence who leads the SSCI cyber study team.
- Dan Chenok, senior vice president, Pragmatics and former OMB security policy executive.
- Bruce McConnell, former NSA senior executive, director of $100 million ArcSight and of Sun Microsystems’ federal subsidiary.
- Amit Yoran, CEO, NetWitness Corp., and former director, National Cybersecurity Division, DHS, and US-CERT.