Hathaway Outlines Cybersecurity Review, Coordinator Position
Potential federal cybersecurity coordinators are being interviewed now, and the coordinator should be in place within the next few weeks, said Obama administration cybersecurity reviewer Melissa Hathaway. At the Center for Strategic and International Studies, she outlined her team’s approach to the president’s 60-day review of cybersecurity policy. A civil liberties and privacy officer should also be in place, perhaps in July, she said. The coordinator position has “yet to be defined,” she said, but the report recommends the coordinator have the ability to affect budgets by working with the Office of Management and Budget. The coordinator would also be the lead for policy development.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Hathaway emphasized the amount of coordination that remains to be accomplished -- across private sector and public sector lines, across international boundaries and within the government itself. “Nobody has full visibility” on their architecture and interdependency vulnerabilities, she said. During the review, she said, the team identified more than 80 legal issues that must be resolved, including how to define use of force in cyberspace and how the Fourth Amendment search and seizure protections mesh with third- party data storage. There are still barriers to public- private partnership, she said, including a persistent perception that with the Freedom of Information Act, proprietary information can’t be protected. There are even barriers to the private sector working amongst itself. Industry got together to work on patches to the Conficker virus in a better fashion than government, which was late to act, she said. But the effort “was a perceived anti-trust violation,” Hathaway said. If the country is to protect its infrastructure, then it needs “the law to migrate to the 21st century.”
Within government, there needs to be a more unified front. Internationally, the U.S. is represented in various forums by the departments of Commerce, Justice, Defense or State, or the U.S. Trade Representative -- or some combination, Hathaway said. Domestically, the team found that federal funds sent to the states for cybersecurity were sometimes used for other homeland security needs perceived to be more important.
This cybersecurity report is different than past reports, Hathaway said, first because of the President Barack Obama’s personal interest in the topic. The report is also different because it includes economic security issues, rather than focusing solely on national security, she said. It also looks beyond simply government networks, she said. Hathaway also said the report fits with Obama’s emphasis on transparency -- it’s almost entirely unclassified, she said, and was completed in an open process of consulting with academia, experts, civil liberties groups and others.
The Internet hasn’t been defined as a communications medium, Hathaway said. Unlike telephones, for which certain federal officials have priority during national emergencies, there’s no such priority on the Internet, she said. It’s taken more than 150 years of technological innovation to get to this point, and with each technological change, a different agency has been given authority, she said.