The federal official who led a 60-day review of the U.S. government's cybersecurity programs for President Barack Obama last week called for the White House to play a more direct role in coordinating national information security efforts.
Speaking at the RSA Conference 2009 in San Francisco, Melissa Hathaway, who completed her review on April 17, said that collaboration between the private and public sectors is needed to protect critical systems. But, she added, the task of leading cybersecurity efforts "is the fundamental responsibility of our government."
And in arguing for a larger White House role, Hathaway claimed that the government's leadership mandate transcends the purviews of individual agencies, none of which has "a broad enough perspective to match the sweep of the challenges." Based on her review, it's clear that the government isn't "organized appropriately" to address cyberthreats, Hathaway said. Many of the agencies that are involved have overlapping authority, she noted.
Hathaway's comments added to the growing chorus of voices calling for a substantial overhaul of federal cybersecurity processes.
Earlier this month, Sens. Olympia Snowe (R-Maine) and Jay Rockefeller (D-W.Va.) introduced legislation to give federal officials new powers to set security standards and policies for agencies and key industries. A companion bill would create a cybersecurity office within the White House.
The bills are largely based on recommendations made by a commission set up by the Center for Strategic and International Studies. Tom Kellerman, a vice president at Core Security Technologies and a commission member, said last week that White House leadership is "paramount" to the success of cybersecurity efforts.
In another RSA speech, Lt. Gen. Keith Alexander, director of the National Security Agency, said the NSA isn't looking to take control of the national cybersecurity agenda, as some have claimed. Instead, the spy agency wants to work with the Department of Homeland Security to provide the "technical support" needed to combat cyberthreats, he said.
This version of this story originally appeared in Computerworld's print edition. It's a modified version of an article that first appeared on Computerworld.com.