Is she or isn’t she – America’s New Cybersecurity Tsarina?

By Kevin M. Nixon, MSA, CISSP^©, CISM^©, CGEIT^©

Information Security Resources staff had received an advance copy of the official White House Press Release (05/29/2009) and was all ears today during President Obama’s East Room remarks on the highly anticipated and long awaited release of the “Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure”. The report has become known as “The Hathaway 60-Day Report” in “homage” to Melissa Hathaway, the person President Obama picked as “Acting Senior Director for Cyberspace of the National Security Council (NSC) and the Homeland Security Council (HSC)”. Not only did the President bestow a title too long to technically print on a normal sized business card, also he gave her a the shortest runway I have ever seen to assemble recommendations, gain consensus, and publish a report for the Chief Executive. Just pulling together all agencies, departments, stove-piped information while overcoming all the turf battles can only be likened to attempting a huge worm wrestle.

Ms Hathaway accomplished the task and delivered the goods and so everyone anticipated that the President would recognize her “get it done” work ethic and also announce from the East Room today, her appointment as America’s Cybersecurity Tsarina. However, everyone holding their breath in the East Room today probably passed out from lack of oxygen. The President was blatantly and conspicuously silent on his appointment.

The President’s silence left everyone wondering “does she or doesn’t she” and left reports attempting to find any hints of the President’s plan. ISR think that we may be on to something. As POTUS stepped in front of the gathered experts, somewhere in the back offices of the White House there was a shadowy figure hunkered over a keyboard waiting for the exact moment to press enter and publish an article on the White House Blog. Could that person have even been sitting in the East Room audience with the President holding onto her three Blackberry devices just waiting for President Obama to give the secret word or phrase to “press the send” button?

We may never know, but President Obama did acknowledge Melissa Hathaway at about the same time that an article by her was posted on the White House Blog. What is noticeable is in Ms Hathaway’s article is her title in the article’s by-line. Gone is “Melissa Hathaway, Acting Senior Director for Cyberspace of the National Security Council (NSC) and the Homeland Security Council (HSC)”. The new by-line reads: Melissa Hathaway, Cybersecurity Chief at the National Security Council.

Which still leaves us wondering and waiting? Is the White House making new robes as the Catholic church does when a new Pope is elected or has Ms Hathaway been appointed “Camerlingo” (1^st runner up in a papal contest). Guess we will just have to wait. Melissa Hathaway’s Blog post “Security Our Digital Future” is re-published on the ISR website.

Securing Our Digital Future

Melissa Hathaway, Cybersecurity Chief at the National Security Council, discusses securing our nation's digital future:

Published: FRI, MAY 29, 10:00 AM EST -- The White House Blog

The globally-interconnected digital information and communications infrastructure known as cyberspace underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety and national security.  The United States is one of the global leaders on embedding technology into our daily lives and this technology adoption has transformed the global economy and connected people in ways never imagined.  My boys are 8 and 9 and use the Internet daily to do homework, blog with their friends and teacher, and email their mom; it is second nature to them.  My mom and dad can read the newspapers about their daughter on-line and can reach me anywhere in the world from their cell phone to mine.  And people all over the world can post and watch videos and read our blogs within minutes of completion.  I can’t imagine my world without this connectivity and I would bet that you cannot either.   Now consider that the same networks that provide this connectively also increasingly help control our critical infrastructure.  These networks deliver power and water to our households and businesses, they enable us to access our bank accounts from almost any city in the world, and they are transforming the way our doctors provide healthcare.  For all of these reasons, we need a safe Internet with a strong network infrastructure and we as a nation need to take prompt action to protect cyberspace for what we use it for today and will need in the future.

Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law.  The 60-day cyberspace policy review summarizes our conclusions and outlines the beginning of a way forward in building a reliable, resilient, trustworthy digital infrastructure for the future.  There are opportunities for everyone—individuals, academia, industry, and governments—to contribute toward this vision.  During the review we engaged in more than 40 meetings and received and read more than 100 papers that informed our recommendations.   As you will see in our review there is a lot of work for us to do together and an ambitious action plan to accomplish our goals.  It must begin with a national dialogue on cybersecurity and we should start with our family, friends, and colleagues.

We are late in addressing this critical national need and our response must be focused, aggressive, and well-resourced.  We have garnered great momentum in the last few months, and the vision developed in our review is based on the important input we received from industry, academia, the civil liberties and privacy communities, others in the Executive Branch, State governments, Congress, and our international partners.  We now have a strong and common view of what is needed to achieve change.   Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of democratic institutions requires making cybersecurity a national priority.

Technorati Tags: 2009,access,Kevin M Nixon,Anthony M. Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

LiveJournal Tags: 2009,access,Kevin M Nixon,Anthony M. Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

del.icio.us Tags: 2009,access,Kevin M Nixon,Anthony M. Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

IceRocket Tags: 2009,access,Kevin M Nixon,Anthony M. Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack

BuzzNet Tags: 2009,access,Kevin M Nixon,Anthony M. Freed,best practices,bypass,compliance,computer,confidential,consumer product liability,control,Costs,criminal,cyber security,cyber-crime,cybersecurity,D and O liability,Data,due diligence,Economy,electronic database,Finance,Financial,Financial Identity,Financial InfoSec,Gene Kim,governance,Infoduciary,Infofiduciary,Information,Information Fiduciary,Information-Security-Resources.com,InfoSec,infrastructure,Internet Security Alliance,Intrusion Detection Engines,ISR,Kevin M. Nixon,Laura Wilson,law,legal,liability,mandates,national security,News,outsourcing,privacy rights,protocol,regulations,regulatory,risk,Sarbanes-Oxley,Security,SOX,statutes,System,systems,third party,Tripwire,valuation,vendors,zero day attack