April 17 is the deadline for Melissa Hathaway to put on the president’s desk the comprehensive 60-day U.S. cybersecurity review Obama mandated on Feb. 8. That was the day he also invented her current title, “Acting Senior Director for Cyberspace” for the National Security and Homeland Security councils.
Hathaway is a person about whom we will be hearing a lot more, due to the seriousness with which the Oval office is taking cybersecurity threats. We care because, in addition to new requirements stemming from the soon-to-be-released report, her policies could influence the implementation of the new Massachusetts data protection law and existing data breach regulation. Both may have significant compliance effects on your business.
A former consultant with Booz Allen Hamilton, Hathaway has a reputation for concern about privacy. That was not a popular position under the Bush administration, where she had been working until Inauguration Day. Greater concern for privacy is good news, in general. How far she goes in mandating controls over data to ensure privacy will be the big question for organizations that must implement those controls.
Within the Bush administration, she was senior advisor to the director of National Intelligence and cyber coordination executive. She chairs the National Cyber Study Group, a senior-level interagency body that was instrumental in developing the Comprehensive National Cybersecurity Initiative (CNCI), aimed at improving the ability of the country to secure and defend its cyber infrastructure. In January 2008, Hathaway was appointed the director of the Joint Interagency Cyber Task Force, which coordinates and monitors the implementation of the broad portfolio of activities and programs that comprise the CNCI.