Drumbeat Gets Louder For White House Control Of Cybersecurity
In her first public speaking engagement since being asked by the president to perform a two-month review of government cybersecurity response, Hathaway echoed a call that's rapidly getting louder throughout the security community: Give the White House more direct control over U.S. cybersecurity efforts.
"We have witnessed countless intrusions that have allowed criminals to steal hundreds of millions of dollars and allowed nation-states and others to steal intellectual property and sensitive military information," said Hathaway, according to Reuters and numerous other published reports of her remarks at RSA. The national effort, she suggested, is "a marathon, not a sprint, but we have taken the first steps to make real and lasting progress."
While Hathaway did not spell out the details of her 60-day review, she advocated a combined effort between the White House and the private sector to combat the rising number and increasing sophistication of national cybersecurity threats.
A number of RSA keynote speakers and security experts, including Symantec CEO Enrique Salem, both in recent months and this week at the conference, have recommended the White House create a cybersecurity czar-type position. In early April, Sen. John Rockefeller IV (D-W.Va.) and Sen. Olympia Snowe (R-Maine) introduced legislation to overhaul the country's governing policies for cybersecurity and its computer network infrastructure. They too asked for the appointment of a cybersecurity czar.
The push for a czar also comes a month and a half after Rod Beckstrom resigned from his position as director of the Department of Homeland Security's National Cybersecurity Center on March 6. At the time, Beckstrom said he felt his hands were tied because the National Security Agency "effectively controls" DHS' cybersecurity efforts.
A former director of the Federal Bureau of Investigation, Louis Freeh, said at the FOSE conference a week later that not only did he agree with Beckstrom's reasoning, but that it was indicative of a bigger problem: that government IT security efforts are too siloed and lack central leadership.