Pressure on Obama to move fast on cybersecurity appointment
Hathaway resignation shines focus on newly created post
Computerworld - Melissa Hathaway's resignation from her role as acting senior director for cyberspace at the National Security Council is likely to increase the pressure on the Obama administration to quickly appoint someone to serve as the White House cybersecurity coordinator.
The coordinator's position was created by President Obama in May to oversee the development and implementation of a governmentwide cybersecurity strategy. Although eight weeks have passed since Obama's announcement, the White House has yet to name anyone for the job.
Hathaway's resignation is likely to heighten the urgency to do so, however, analysts said.
"Her leaving raises the priority for the president," said Alan Paller, director of research at the SANS Institute in Bethesda, Md. So long as Hathaway was around, the need to find someone more permanent was less urgent, he said. That situation has now changed.
The Wall Street Journal yesterday reported that Hathaway had resigned from her role as the Obama administration's top cybersecurity official for personal reasons. Hathaway had also said she no longer wanted to be considered for the White House cybersecurity post for the same personal reasons, the Journal reported.
Hathaway, a former Bush administration aide, was working as cybercoordination executive for the Office of the Director of National Intelligence (ODNI) when she was appointed to her new role by President Obama in February. She was directed to conduct a 60-day review of government-wide cybersecurity preparedness, which she completed in April. Hathaway's much-anticipated report formed the basis of Obama's announcement of a new cybersecurity strategy in May and his plans to create a White House cybersecurity office.
The fact that he has yet to name anyone to the post -- despite the administration's self-professed focus on information security matters -- illustrates the challenge of finding someone willing to take on the job.
One of the biggest problems is the way the role is defined. When Hathaway and others in the security industry called for the creation of a White House cybersecurity post, the idea had been to establish an office that would have the clout needed to influence and enforce security changes in the government. What emerged, however, is largely seen as more symbolic than hands-on.
"The position as set up is designed more for bureaucracy and empire building, not driving change for the better of cybersecurity," said John Pescatore, an analyst with Stamford, Conn.-based Gartner Inc. "It really does need someone who is more interested in the political and visibility aspects, not the heavy lifting" required for better security.
The problem, according to Pescatore and others, lies with the fact that the new office reports both to the National Security Council and the National Economic Council. "It is really set up to be a liaison kind of position, put inside the National Security Council," he said, with no real power other than to coordinate between federal agencies.
Even so, agencies such as the U.S. Department of Homeland Security and the National Institutes of Science and Technology will continue to shoulder much of the cybersecurity burdens, he said. "...I'm sure part of the problem is finding someone to take the position as defined."
Hathaway's resignation, though, could be a sign that a White House announcement could come soon, added Paller. "I think Melissa left because the announcement of a different person is imminent," he said.
Karen Evans, the de facto federal CIO during the Bush administration, today praised Hathaway's contributions to federal cybersecurity. "Regardless of why she left, Melissa should be recognized for bringing cybersecurity to the forefront," Evans said. "She did what a lot of us, couldn't or wouldn't do. She should be commended for that."
Just because no one has been appointed to the White House job is no reason for federal agencies to stop implementing cybersecurity initiatives already under way. They should be moving forward on projects such as the smart card ID credential initiative and the Trust Internet Connection efforts that were launched during the Bush administration, she said.
"You need to keep an eye on who the policy makers are going to be," she said. "But you also want to make sure the operational parts are ready" to accommodate any policy changes that might happen.
Obama and tech
- China set to surpass U.S. in R&D spending in 10 years
- Outgoing federal CIO warns of 'an IT cartel'
- @whitehouse takes on Twitter Town Hall
- Obama's CIO quits
- Little new in Obama cybersecurity proposal
- Feds update IT plan following Obama's 'horrible' comment
- Obama's online trusted ID plan greeted with caution
- U.S. Census tech makeover includes 'oasis' for innovation
- Obama seeks big boost in cybersecurity spending
- QuickPoll: Is Obama's 98% 4G broadband coverage goal realistic?
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts