Obama's Cyber Czar Offers Few Details on Govt. Strategy

Those who were hoping to hear details today about how the Obama administration plans to revamp the government's approach to cyber security threats may have to wait a little while longer.

In a much-anticipated speech at the RSA security conference in San Francisco today, Melissa Hathaway, the White House's top cyber official, instead highlighted all of the meetings, studies, and recommendations that have informed the administration's 60-day cyberspace policy review, which was completed last week. But details about how the administration might seek to organize and streamline the government's cyber efforts were lacking.

Much of the coverage of the administration's cyber review has focused on the power struggle on cyber underway between the Department of Homeland Security and the National Security Agency. The Obama administration also is finalizing plans for a new Pentagon command to coordinate the security of military computer networks and to develop new offensive cyber weapons. Meanwhile, civil liberty advocates are concerned that the government's effort to define cyber security in broad economic and national security terms could sweep virtually every aspect of American life into the mix.

Hathaway seemed to acknowledge this tension in her speech:

Previous attempts to deal with cyber security in isolation have failed, in no small part, because they were perceived to be in conflict with the broader societal goals of progress and innovation, civil liberties and privacy rights. However, cyber security only succeeds in the context of broader economic progress. At times, it was a destination in itself, rather than a compass that guides us toward our objective. If treated in a broader context, cyber security will enable higher and far reaching national goals, have better acceptance, and as a result, a greater chance for success. Our goals depend on trust, and trust cannot be achieved if people believe that they are vulnerable to fraud and theft or if they cannot depend upon the resources (infrastructure services, i.e., water, power, telephone service) being available when needed most. At the same time, security has no meaning if the application that serves society no longer is practical or usable. Stated differently, progress and security must not viewed in a zero-sum fashion.

Hathaway did say more about the economic aspects of cyber (in)security than I've heard recently from a top government official, which is encouraging. The government's usual approach in discussing the nation's cyber threats is to couch the issue in cyber terrorism dimensions. However, early in her keynote, Hathaway made an apparent reference to a data breach last year at payment processor RBS Worldpay. In that complex, multi-stage attack, hackers were able to inflate the dollar value of stolen payroll cards that were then used by a small army of hired hands who made coordinated withdrawals of millions of dollars from ATMs around the world.

"One recent example from November 2008 illustrates both the speed and the scope of these challenges. In a single 30-minute period, 130 automated teller machines in 49 cities around the world were illicitly emptied. These and other risks have the potential to undermine our confidence in the information systems that underlie our economic and
national security interests."

YOU CAN USE QUICK SEARCH ENGINE IN THE TOP FOR MORE DOWNLOADS OR DETAILS.