President To Release Report on Cybersecurity Review
President Barack Obama will release the long-awaited report on U.S. cybersecurity policy on Friday, May 29. It is expected to include recommendations that a director for cybersecurity be established in the White House, probably as part of the National Security Council.
"The administration recognizes the very serious threats public- and private-sector networks face from cyber crime and cyber attack," White House Press Secretary Robert Gibbs said on Tuesday. "Recognizing these threats, the president has elevated cybersecurity to a major administration priority, undertaking the early comprehensive interagency review."
The president ordered the 60-day review in February, tapping Melissa Hathaway to conduct it as acting senior director of cyberspace for the National Security and the Homeland Security councils. The study was completed April 17 and has been under review by the president's staff.
Hathaway said shortly after completion of the review that the report would recommend that the White House take a leadership role in the nation's critical infrastructure. Protecting the nation's information infrastructure is a task that transcends agency jurisdictions and government authority, she said. "It requires leading from the top, from the White House," and from the senior level of every agency and every state and local government.
Hathaway called the 60-day period of the review -- which included Saturdays and Sundays -- the most challenging of her career. Her team reviewed more than 250 executive orders, policies and advisory reports on cybersecurity, held 40 meetings with stakeholders and reviewed more than 100 papers.
Hathaway said the United States is at a crossroads and that the global information infrastructure is neither secure enough nor resilient enough for the ways it is being used. Dealing with security piecemeal and as a standalone issue has not provided a secure infrastructure, she said, and attempts to deal with cybersecurity in isolation have failed. She is recommending a greater level of cooperation among governments, and between government and the private sector.
The report is expected to offer a high-level overview of cybersecurity needs, covering a lot of ground but not in a great deal of depth. Hathaway described it as the first steps in a marathon, "the beginning of the beginning."
Although policy is expected to be directed from the White House, the operational roles of specific agencies, particularly the National Security Agency (NSA) and the Homeland Security Department (DHS) , have not yet been spelled out. In general, NSA oversees security of the nation's military and national security infrastructure while DHS takes the lead in civilian networks.
"The administration is also committed to establishing the proper structure within the government to ensure cybersecurity issues continue to receive top-level attention and enhanced coordination," Gibbs said.
The director of the NSA said in a speech in April that his agency has no ambitions to be in charge of the country's cyber infrastructure.
"We do not want to run cybersecurity for the United States government," said Lt. Gen. Keith Alexander, who has been at NSA for four years. "That's a big job. We need a team to do it."
He said DHS is a necessary part of that team and discounted the rumors of competition between the two organizations for cyber primacy.
William Jackson is the senior writer for Government Computer News (GCN.com).