RSA: Hathaway says securing cyberspace will take time
A President Obama-ordered 60-day cyberspace policy review is completed, and the report will show that cooperation is needed to meet the challenging task of securing the nation's digital infrastructure, the official in charge of the project said Wednesday at the RSA Conference.Melissa Hathaway, acting senior director for cyberspace for the National Security and Homeland Security councils, said the findings of the review will be released in the coming days after the Obama administration reviews them.
While Hathaway remained tight-lipped about the specific contents of the report, the theme, as many assumed, will be cooperation -- a sentiment that repeatedly has been echoed this year at the annual security conference in San Francisco.
"We need an agreed-way forward based on a common understanding and acceptance of the problem," she said.
She stopped short of defining roles but said the report will call for a White House-led architecture that will seek partnerships and collaboration among a number of federal agencies, private sector, academia and foreign countries. In addition, the report will detail how successful cybersecurity depends on investment in research and development to create "game-changing technologies," she said.
The report identified 250 "needs, tasks and recommendations," she said.
"You will see that there is a lot of work for us to do together," Hathaway said. "Cyberspace won't be secured overnight or on the basis of one good plan...We need to be mindful of how we, government and industry together, can optimize our collective research and development dollars and work together to improve market incentives for secure and resilient hardware and software products, new security innovation, and secure managed services."
Some attendees said afterward they were expecting more concrete findings and recommendations.
"It was a pretty consistent message we've been hearing," said Jerry Dixon, the director of analysis at Team Cymru, and the former director of the National Cyber Security Division at the Department of Homeland Security. "I thought a lot more information would come out of this talk."
Specifically, Dixon said he is interested in learning how the government plans to get a handle on critical infrastructure sectors' level of exposure to major vulnerabilities.
But Dixon said he was pleased to hear Hathaway address the importance of tapping the private sector, which owns and operates most of the nation's information systems.
"That's where the brain trust is," he said. "The key part is that there's got to be transparency."
