Hathaway preps for 60-day sprint to Obama's cyber-czar post
President Obama's likely appointment of Melissa Hathaway to the National Cyber Advisor post isn't just a nod to bipartisanship currently taking a battering on Capitol Hill, but an indication of the administration's new thinking.
Before she receives the official nod for the "cyber czar" post, though, Hathaway has a massive 60-day project ahead of her: a comprehensive review of federal cyber-security organization and strategy, focusing in particular on problems that need immediate fixing. To that end, she's attached to the National Security Council for the duration of the project. Any cyber-czar appointment would happen after that.
Hathaway's a former Bush appointee, serving as senior advisor to Mike McConnell, who was until last month the US Director of National Intelligence (and, during the Clinton administration, director of the NSA). She also served as director of the Joint Interagency Cyber Task Force (JIACTF) and heads the inter-agency National Cyber Study Group (NCSG), which recently released the Comprehensive National Cyber Initiative.
She's not the only person doing something along those lines, of course; at DHS, Janet Napolitano is doing a similar review. (The plot thickens: Advisors to President Obama have already recommended that cyber-security responsibility be eased away from DHS and into a senior-level NSC post, which Hathaway's temporary appointment is. Hathaway, meanwhile, defended DHS's cyber-security efforts at an ITAA panel last fall.) And the GAO of course looks at inter-agency security foibles on a regular basis. Hathaway will, however, be reviewing the very $30 billion initiative she helped to develop under the previous administration.
Hathaway was previously mentored by McConnell at Booz Allen Hamilton, where she focused on information operations strategies and long-range strategy and policy support. Before that, she worked at Evidence Based Research, a consultancy that specializes in data analysis and decision-making tools. She's an American University graduate and a graduate of the Armed Forces Staff College, Joint Information Warfare Staff and Operations Course.
Like many working security professionals, Hathaway keeps a relatively low profile, but she's spoken at various industry events in the past and has appeared before Congress on cyber-security issues over 150 times, often in classified briefings. She's also written on cyberspace for various publications, most recently in October for the McClatchy-Tribune News Service.
In an editorial titled "Safeguarding our cyber borders," Hathaway outlined the need for swift public-private action on cyberspace security: "We need stronger international alliances to share the responsibility for securing cyberspace. We must do more to convince our allies and strategic partners of the benefits to them of taking an active role.
"We also need a fundamental re-thinking of our government's traditional relationship with the private sector. A high percentage of our critical information infrastructure is privately owned, and industry needs to know what government knows about our adversaries' targets and, to the extent we understand them, their methods of operation. When it comes to cyber security, government and the private sector need to recognize that an individual vulnerability is a common weakness."
She's apparently a pretty effective speaker, too. Blogging for ExecutiveBiz last month, Brian Lustig recapped a breakfast talk Hathaway gave to a roomful of federal IT security execs: "I may never use my credit card again, but I certainly emerged from the breakfast with a better understand of how real and complex the cyber threat is."
Industry response so far this week has been positive, though some are worried that Hathaway hasn't got enough of the president's ear. On the campaign trail, then-candidate Obama promised to create the cyber-czar position; many observers say that unless that person directly reports to the President, progress on cyber-security simply won't be fast enough to handle the rising tide of threats.