Cybersecurity battle needs ‘sense of urgency,' expert says

Print this page E-mail this article The federal government is losing "the sense of urgency" in the cybersecurity battle, says the author of the Obama administration's 2009 cybersecurity report.

Melissa Hathaway, former acting cybersecurity chief, said private and public organizations must work together and take "bold steps forward" to protect vital computer systems and restore that sense of urgency. The discussions over how best to secure the government's networks can't take place just in Washington but should be a national dialogue, she said.

"We need to have a lot more people outside the Beltway talking about what's happening and what they're going to do about it. We need to tell simple stories [about cybersecurity] so everyone can talk about them at the water cooler and dinner table, and relate to them," she said.

Hathaway, now a cybersecurity consultant, received the Internet Security Alliance's Dave McCurdy Internet Security Award on Tuesday, honoring her work in conducting the administration's cyberspace policy review. The review, released last spring, called cyberspace a "strategic national asset" and said more investments in education and technology are needed to protect critical systems.

The review also called for the creation of a White House cybersecurity coordinator, or "czar." Obama named Howard Schmidt, the Bush administration's cybersecurity chief, as the cybersecurity czar in December.

Schmidt is well-qualified for the job, Hathaway said at the award presentation in Washington. She called the cybersecurity czar the "quarterback" harnessing the government's abilities to respond to cyber attacks. Schmidt will need to make himself known around the White House in order to build his influence and secure needed funding, she said.

"The strongest ally that person needs is within the Office of Management and Budget. That's an important partnership to have because that is where all things begin and end with the budget," she said.

Hathaway said interagency communication is crucial to sharing best cybersecurity practices and recognizing possible cyber attack patterns, but some officials may be hesitant to share information for fear of bad publicity.

"How can we be sure sharing vulnerable data from one agency to another will be kept confidential and not appear in news outlets the next day?" she asked. federaltimes