Why No Cybersecurity Coordinator, Yet

Credit EligibleAs a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

A good example of that would be how the Internet actually works, with different root servers and that your e-mail can go anywhere around the world just because everybody has generally agreed to the same standard.

The second example would be the world wide web or USB devices; everybody is designing their computers so that you can stick a USB into the computer and allow for the easy movement of data.

There is another set of international bodies that are then talking about policy formulation and policy synchronization as well as behavior, and in and on that telecommunications backbone and/or the Internet. And that includes military and law enforcement organizations like NATO and the UN, Organization of American States as well as economic forums like Asia Pacific Economic Cooperation, Organization for Economic Cooperation and Development or Group of Eight

If you start to think about all of these different international bodies that are determining or working together to try to determine what is a crime in cyberspace or on the Internet and what is an active war or active aggression and how should we all work together internationally to enable and ensure that that global backbone can enable our global economies respectively, it is very important to work the international sphere. The United States can't do it alone and our private sector can't do it alone. It certainly has to be an international approach to moving everybody's security posture into a better place.

CHABROW: Who is the greatest threat to our country? Are they criminals? Are they nation states? Are they terrorists?

HATHAWAY: There is a wide range of people and/or entities that are able to do harm to either our networks or our enterprises and ranges from just individual hackers to organized crime to terrorist organizations to nation states. Right now, it is a very low bar to entry, even the distributed denial of service attacks that the United States and other countries experienced in July, we are not all that sophisticated but they definitely reeked a fair amount of havoc.

CHABROW: You worked in the White House. Why do you think that we have yet to have a cybersecurity coordinator?

HATHAWAY: The cybersecurity coordinator has got to have a unique set of skills that have both national security background and an economic security background or an appreciation of the economics. There are just not that many people who have that kind of resume and have the experience within government and within the private sector that is going to be necessary to help really lead both the government and the private sector forward as what is needed for the president.

CHABROW: Are we harmed at all by not having one yet?

HATHAWAY: Certainly, if there was a champion and an advocate within the government right now that could be out more aggressively working with the private sector, that that would be helpful to galvanize things. Certainly, we don't have the momentum that we could currently.

CHABROW: Some would say maybe partly Homeland Security is doing some of that right now, the Secretary Napolitano and other top aides there in the cybersecurity area seem to be very vocal and seem to be taking the ball and moving with cybersecurity as something that the whole nation should be concerned about.

HATHAWAY: Certainly, the Department of Homeland Security is doing a great job. October was Cybersecurity Awareness Month where they held many forums, in and out of the government and in the private sector, to raise awareness. The Department of Defense is moving forward in the establishment of cyber commands and there are other parts of the government, the Department of Commerce has just elevated and appointed somebody for setting the standards within NIST. So the government is moving out on a number of different areas, but sometimes you need a coach or the team lead to help get everybody continuing to work toward specific goals. I think that is something that we need. but in the meantime everybody is doing their parts, which is good.

CHABROW: Sen. Susan Collins of Maine, as you know, is the ranking Republican on the Senate Homeland Security and Governmental Affairs Committee, has proposed establishing the senior cybersecurity adviser position within the Department Homeland Security, although it would be confirmed by the Senate. She said that person would be looking over the federal government's non-military cybersecurity coordination and would also advise the president. Do you think it is a good idea placing that position in Homeland Security?