President Obama ordered a 60-day review of federal government cybersecurity initiatives, to be led by former Bush-administration aide Melissa Hathaway, the White House said this week.
This review will study how data is protected at the federal level and will determine a framework for coordinating efforts with the private sector and Congress.
Hathaway has served as the senior adviser for cybersecurity at the Office of the Director of National Intelligence (DNI), tasked with implementing former President Bush's largely classified National Cybersecurity Initiative.
For the review period, Hathaway will hold the title of acting director for cyberspace for both the National and Homeland Security councils.
“The national security and economic health of the United States depend on the security, stability, and integrity of our nation's cyberspace, both in the public and private sectors,” said John Brennan, assistant to the president for counterterrorism and homeland security, in a White House news release.
Brennan added: “The president is confident that we can protect our nation's critical cyberinfrastructure, while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties.”
U.S. Rep. Jim Langevin, D-R.I., told SCMagazineUS.com Tuesday that he wanted the administration to immediately adopt recommendations delivered in December from the Commission on Cybersecurity for the 44th Presidency, a body he co-chaired and which was established at the end of 2007 to advise the next president on digital security.
But he said he understands that the administration wants to take a step back and examine how to best address cybersecurity.
“It is my hope that at the end of the 60 days we will have a robust strategy as to how we will combat the cybersecurity threats now and for how we go forward,” Langevin said.
Langevin said he spoke with Hathaway on Monday and he offered his support and encouragement to her.
“She's excited about the new role, though she realizes there are great challenges,” Langevin said.
Amit Yoran, former director of the National Cybersecurity Division in the Department of Homeland Security, told SCMagazineUS.com Tuesday that Hathaway's review should yield more transparency.
The program that she headed under the Bush administration was broadly criticized as "over-classified" and the activities were very intelligence-community focused, said Yoran, now CEO of network security monitoring firm NetWitness.
While certain parts of the nation's cyberinitiative should be classified -- offensive capabilities for example -- the vast majority must be unclassified if the government is going to work effectively with the private sector, he said.
The threat to our physical infrastructure is growing more sophisticated every day and strengthening the nation's cybersecurity posture will require a new and reinvigorated public/private sector partnership. That's because most of our nation's critical infrastructure -- power grids, Internet infrastructure, SCADA systems -- is in private hands, John Edwards, president of IT solutions provider, Agilex Technologies' intelligence, security and defense sector business told SCMagazineUS.com in an email.
“The 60-day review symbolizes a paradigm shift away from the reactive posture of yesteryear to a proactive risk assessment philosophy,” said Tom Kellermann, a member of the cybersecurity commission and vice president of security awareness at penetration-testing software and services vendor Core Security Technologies.