Melissa Hathaway, who spearheaded the national cyber-security audit, reveals few report details but says more information is on the way.
Melissa Hathaway, acting senior director of cyber-security for the National Security and Homeland Security Councils, talked at length on April 23 about public-private collaboration and threats to national information security at the annual 2009 RSA Conference in San Francisco. But she divulged scant concrete detail about what everyone wanted to know - the results of her 60-day review assessing the federal government's cyber-security policies and procedures.
Hathaway delivered a well produced and well written speech before a hall crowded with hundreds of journalists, government personnel and industry representatives. She said results from her cyber-security assessment would be released in the coming days, but spoke more about her team's auditing processes than actual findings.
"When the report is made public, you will see that there is a lot of work for us to do together in an ambitious action plan to accomplish our goals," Hathaway said.
But before she began, the audience was surprised by a comical bit of staged flair.
Seconds after Hathaway started talking, a monotone and commanding voice interrupted her over the sound system and spoke to her while music from the '60s spy show Mission Impossible played in the background.
"Good Morning, Melissa Hathaway," it said, before telling her - and the audience -about how the world's digital infrastructure is threatened by criminals and terrorists and that her mission, should she choose to accept it, is to assemble a team of experts and devise a strategy for the common good.
"You'll need to engage all of your allies across the private sector, government and foreign governments. Please begin immediately. This BlackBerry will self-destruct in 60 days. Good luck."
By "this" BlackBerry, it meant hers.
The mock interruption garnered laughter from the audience before Hathaway got down to business.
"The United States really is at a crossroads," she said." The global interconnected digital information and communications infrastructure known as cyber-space underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety and national security."
Her roughly 20-minute speech, which had quotes from Edgar Allen Poe poetry, highlighted the threat from terrorists and even governments that plague us, including "countless intrusions that have allowed criminals to steal hundreds of millions of dollars and allowed nation-states and others to steal intellectual property and sensitive military information."
She referenced how 130 ATMs around the world were robbed in a 30-minute period during a November 2008 incident where dozens of faux cashiers used cloned bank cards to withdraw money from various teller machines. The thieves stole $9 million using identity information stolen by hacking into the RBS WorldPay computer network.
Hathaway said that the essence of cyber-wrongdoing has been captured by movies like War Games, The Net, Sneakers and Live Free or Die Hard, the fourth film in the Bruce Willis action franchise.
Hathaway's team finished its cyber-security review April 17. She called the task -- which lasted 60 days and included weekends -- the most challenging of her career.
"In our first week, we inventoried relevant presidential policy directives, executive orders, national strategies and studies from government advisory boards and private-sector entities," she said.
Her team of public- and private-sector experts inventoried information from agencies on their cyber-activities and capabilities.
"Scores of legal issues emerged during this review, such as the aggregation of authorities, data sharing with third parties within the federal government and liability protections for the private sector. We successfully engaged a wide array of stakeholders inside and outside of the federal government, including some of you here today."
These stakeholders included state government, academia, the civil liberties and
privacy communities, international partners, the legislative branch and other sectors of the executive branch.
"The public and private sectors' interests are intertwined with a shared responsibility for ensuring a secure, reliable infrastructure upon which businesses and government services depend. Information is key to preventing, detecting, responding to and recovering from cyber-incidents," Hathaway said.
She asked local and national governments to work together to change existing norms and lead the way in enhancing cyber-security, sooner rather than later. If they don't do it, no one else will.
"If not us, then who? And if not now, then when?" she asked.
The White House announced Hathaway's appointment to her current position and her 60-day task in a February 9, 2009, press release. Her resume includes consulting for Booz Allen Hamilton, a strategy and consulting technology firm, and working as senior adviser to former Director of National Intelligence Mike McConnell.