Earlier this week I read a very interesting Washington Post article, “The cybersecurity changes we need,” by Jack Goldsmith and Melissa Hathaway. Goldsmith and Hathaway in essence argue that the US has become extremely dependent upon computing, but computing technology is becoming increasingly complex, and thus also more vulnerability-riddled. They claim that the Obama Administration is aware of the gravity of cybersecurity risks that the US faces and their potentially catastrophic consequences. Goldsmith and Hathaway reminded readers that just over one year ago “President Obama declared our ‘digital infrastructure’ to be a ‘national security asset’ and pledged to make it ‘secure, trustworthy and resilient’.” However, the authors claim that the President is hesitant to put in place appropriate control measures, including national cybersecurity standards, because he fears that they might hinder short-term economic recovery. Goldsmith and Hathaway then went on to say:
“This approach demands leadership from the White House and Congress that is difficult to muster in hard economic times. The lesson of the past two decades is that the nation will not get serious about cybersecurity until the costs of not doing so are more apparent — probably after some component of our economy is destroyed by a catastrophic cyber-event.”
Jack Goldsmith is an unknown entity to me (although I have very recently learned that he is a prominent Harvard professor), but the name Melissa Hathaway is very familiar to those who are aware of cybersecurity-related events during the George W. Bush Administration. Although she did not have any cybersecurity-related title of which I am aware, she was in effect President Bush’s cybersecurity advisor. She has a good reputation, too, and people who have worked with and for her generally report that they very much respect her vision, judgment and integrity. Rumor also has it that she could have been President Obama’s cybersecurity advisor if she had wanted to, but that she turned down the offer to fill this position (as a number of others reportedly also did).
Before I go any further, I would like to assure you that I am not taking political sides, nor is my intent to stir up the type of political frenzy and hostility that, unfortunately, has become a fixture in the American way of life in the 21st century. Presidents do good things and presidents also do bad things—no one is perfect. In pointing out the discrepancy between cybersecurity-related rhetoric and action in the Obama Administration, I believe Hathaway (and Goldsmith, too) to be not only completely accurate, but also in all likelihood not a bit politically motivated. But many information security professionals had high hopes that the current Administration was going to “turn the corner” with respect to cybersecurity. Unfortunately, major events (e.g., the worldwide recession, the massive BP-Amoco oil spill, and others) have constantly diverted this Administration’s focus to other critical issues.
Hathaway has spoken the truth, yet there is irony in what she has said. In pointing out the deficiencies of the Obama Administration’s posture concerning cybersecurity, she is in effect a pot that is calling the kettle black. She has said that the Obama Administration is not doing enough to protect government computing systems and data, but the same was also true of the George W. Bush Administration, where Hathaway had such a major say in cybersecurity policy and initiatives. She seems to have somehow already forgotten about the Titan Rain attacks, the massive infiltration of computers that were part of the Northeastern US power grid, and the constant surfacing of prolific new global worms such as Code Red, Slammer, Slapper, Blaster, Sasser, Beagle (Bagle), Sobig, NetSky, and many others that infected so many systems during her watch.
My hope is that the current Administration will put cybersecurity back on its priority list. Gigantic oil spills are catastrophic, but so are widespread, ongoing security compromises of US government and commercial computing systems initiated by foreign powers. It may, as Goldsmith and Hathaway have said, take something like destruction of some part of the US economy to wake the current Administration (as well as the entire nation) to the massive number and grave severity of cybersecurity risks that confront us. I hope not, but if this does happen, we certainly cannot say that we have not been adequately forewarned.

