With the results of Melissa Hathaway’s 60-day cybersecurity review set for release any moment now, questions are swirling as to its specific findings — and recommendations. Hathaway provided a few clues — or what she called “the 60-day movie trailer” — the other day at the RSA Conference, an annual gathering of internet security experts held in San Francisco. Calling cybersecurity “one of the most serious economic and national security challenges of the 21st century,” Hathaway stated that “harmonized innovation” was essential to strengthening cybersecurity. The private sector, she added, has a key role to play in that effort. Among the key takeaways of Hathaway’s remarks:
* The 60-day review will provide a roadmap for tackling cybersecurity. The report, which wrapped up April 17 and will be released as soon as President Obama and his administration have reviewed it in depth, “outlines the beginning of a way forward in building a reliable, resilient, trustworthy digital infrastructure for the future,” said Hathaway. “When the report is made public you will see that there is a lot of work for us to do together and an ambitious action plan to accomplish our goals,” she added, referring to the various perspectives offered by academia, industry, and other governments in the report.
* The White House must take the cybersecurity lead. The current approach to cybersecurity is untenable, said Hathaway. “It can be said that the federal government is not organized appropriately to address this growing problem because responsibilities for cyberspace are distributed across a wide array of federal departments and agencies, many with overlapping authorities — and none with sufficient decision authority to direct actions that can address the problem completely,” said Hathaway. The cybersecurity problem, she added, “requires leading from the top — from the White House, to departments and agencies, state, local, tribal governments, the C-Suite, and to the local classroom and library.” The report will articulate recommended changes in organizational structure from the White House on down.
* Public-private partnership essential in strengthening cybersecurity. Private industry is among those with a key role to play in strengthening cybersecurity. “You will see your influence in our report when it is released in the coming days,” said Hathaway, adding, “Government and industry leaders, both here and abroad, need to delineate roles and responsibilities, balance capabilities, and take ownership of the problem to develop holistic solutions … only through such partnerships will the United States be able to enhance cybersecurity and reap the full benefits of the digital revolution.”