White House may take control of cybersecurity

SAN FRANCISCO, CA – The White House should take direct control of US cybersecurity – with a little help from the private sector – according to the official who has just completed a national review of net security.

Speaking at the RSA conference in San Francisco, Melissa Hathaway said that net security posed “one of the most serious challenges of the 21st century”. She added, “We have witnessed countless intrusions that have allowed criminals to steal hundreds of millions of dollars and allowed nation- states and others to steal intellectual property and sensitive military information,” she said.

She urged security professionals and the private sector to join the government in efforts to secure the net. She said the job ahead was “a marathon, not a sprint but we have taken the first steps to make real and lasting progress”.

Hathaway, who is acting senior director for cyberspace for the National Security and Homeland Security Council, has just completed a 60-day review of cybersecurity for the President to determine how the government should restructure the way it handles the internet and security. The review is expected to be made public at the end of the month. Ms Hathaway said more detailed discussions will take place once the President and his administration had have an opportunity to digest her recommendations.

Hathaway declined to give any details of the review, but did present what she called her “60-day movie trailer”, which outlined a desire for collaboration between the White House, security experts and the private sector. She also called for a national dialogue to “help this critical conversation grow.”

Currently, non-military cybersecurity issues are handled by the US Department of Homeland Security, which has been charged with the creation of  a national response system for online attacks and a risk management program for critical infrastructure. But it has come under fire repeatedly from government auditors who said it was failing to fulfil its responsibilities and was unprepared for emergencies.

The announcement of the review led to speculation that the White House’s National Security Council or the National Security Agency would be handed more cybersecurity responsibilities.