Symantec Symposium: Assessing Challenges For Cybersecurity Policy

Speaking at Symantec's Government Symposium in Washington, D.C., Hathaway explained the different areas of the 60-day Cyberspace Policy Review and said that her team will be examining how to adjust laws and regulations that often contradict one another when it comes to cybersecurity threat response.

"We can no longer talk about the public and private partnership," Hathaway said during her lunchtime keynote address. "We have to activate it."

Hathaway, who confirmed last week that she was in the running to be the White House's first cyberspace coordinator, told Symantec attendees that President Obama was personally overseeing the selection for the position and that the Obama administration, thus far, had demonstrated an "unprecedented level" of engagement by a presidential administration with regard to cybersecurity initiatives.

She added that her team would release a comprehensive national incident response plan for cybersecurity by the end of the year.

"You can expect a dialogue on this issue with the private sector," Hathaway said. "You will also see us working with Congress because many issues will require a legislative fix."

Hathaway's insistence on a cybersecurity policy that drew on both public and private sector entities echoed a similar message from U.S. Sen. Mark Warner (D-Va.) at a keynote earlier in the day.

Much of Symantec's Government Symposium was devoted to cybersecurity challenges as they relate to legislation, the role of public sector vs. private sector interests and how security is addressed throughout various government agencies.

Symantec CEO Enrique Salem told reporters in a media roundtable at the Symposium that Symantec was continuing to follow legislative developments related to security, but cautioned against cyber policy bills that might already be too soft by the time they're passed into law.

"The challenge is that something that is reasonable today might not be reasonable five or 10 years from now," he said. "Anytime you mandate technology, that's a problem."

Salem and Symantec's Federal Government Relations Manager Kevin Richards cited to reporters such bills as the U.S. ICE Act of 2009 (S.921). Sponsored by Sen. Thomas Carper (D-Del.), the bill calls for unifying "policies, procedures and guidelines for securing information systems and national security systems, establish security standards for government-purchased products and services, and for other purposes."

Conversely, Salem said, Symantec didn't see much teeth in the Rockefeller-Snowe bill introduced by Sens. John Rockefeller (D-W.Va.) and Olympia Snowe (D-Maine) on April 1 that focuses on creating public awareness of cybersecurity issues, protecting civil liberties and "fostering innovation and creativity in cybersecurity to develop long-term solutions."

Salem also mentioned the Federal Information Security Management Act (FISMA), which he described as more of a "checklist" given that it hasn't been updated in half a decade.

"It's time for FISMA to get updated," he added. "It needs to go beyond the paper exercise and become more operationalized."

Salem and other Symantec executives said the best cybersecurity legislation will move beyond the idea of hiding information from malicious threats and instead make cybersecurity functional across the public and private sectors.

"The cyber review -- we have to get on with this with a real sense of urgency," Salem said. "Some of the key pieces of legislation are moving, but let's not wait around for the cybersecurity czar. There are things that can be done right now."

Next: Better Information Sharing