Obama taps Bush aide Melissa Hathaway to review federal cybersecurity efforts
President asks Hathaway, who led multiagency security initiative launched by Bush, to recommend changes in existing programs
Computerworld - Melissa Hathaway, a Bush administration official who is credited with helping to develop a multibillion-dollar classified initiative aimed at better securing federal systems and critical-infrastructure networks against online threats, has been named by President Barack Obama to lead a 60-day review of the government's cybersecurity efforts.
Hathaway was named acting senior director for cyberspace for the National Security Council as well as the Homeland Security Council. She has been tasked with conducting the governmentwide review of ongoing cybersecurity programs and developing recommendations for ensuring that they are aligned with government and private-sector needs, according to a statement released by the White House this evening.
A story posted online yesterday by The Wall Street Journal, quoting unnamed government sources, said that Hathaway was expected to be chosen to head up a new White House cybersecurity office after the review was completed. The statement about the review from the White House didn't address that possibility.
Hathaway has been working as a cybercoordination executive for the Office of the Director of National Intelligence (download PDF). She chaired a multiagency group called the National Cyber Study Group that was instrumental in developing the Comprehensive National Cyber Security Initiative, which was approved by former President George W. Bush early last year. Since then, she has been in charge of coordinating and monitoring the CNCI's implementation.
Amit Yoran, a former director of the U.S. Department of Homeland Security's National Cyber Security Division, said today that although Hathaway isn't very well known outside of Washington, she is a "known entity" within the federal cybersecurity community.
"She has been really charging and moving forward with CNCI for the past 24 months," said Yoran, who currently is CEO of NetWitness Corp., a vendor of network-traffic analysis tools in Herndon, Va. He also was a member of a commission, set up by the Center for Strategic and International Studies (CSIS) in Washington, that recommended major changes in the federal government's approach to cybersecurity in a report issued in December.
If the reports about Hathaway becoming Obama's cybersecurity chief are correct, she will have "pretty strong leverage" to influence policy and bring together various government entities as part of the CNCI, Yoran said. Her immediate assignment to review the work that has been done thus far as part of the initiative and other cybersecurity programs is a good idea, he added.
"Just because she has been managing it doesn't mean the direction she has taken shouldn't be reviewed," he said. The review is especially needed, according to Yoran, because much of the work that has gone on under the CNCI has been classified. "I wouldn't be surprised if there weren't some adjustments to the current portfolio that need to be made," he said, while noting that he also thinks "a lot of the activities that are under way" likely are aligned with national cybersecurity objectives.
Obama and tech
- Obama outlines cybersecurity plans, cites grave threat to cyberspace
- Obama's new cybersecurity direction wins praise
- Internet warfare: Are we focusing on the wrong things?
- Obama administration said to consider military cybercommand
- Obama taps Melissa Hathaway for federal cybersecurity review
- IT Blogwatch: Obama's CTO is Aneesh Chopra
- New federal CIO Vivek Kundra wants a Web 2.0 government
- Obama's plans for health care IT: Too much money too soon?
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts