Academia, government and the private sector need to come together in the name of cyber-security-that was the message Melissa Hathaway brought to this year's RSA Conference in San Francisco.
Hathaway is acting senior director for cyberspace for the National Security and Homeland Security councils, and was tasked by the Obama administration with heading up a 60-day review of the government's cyber-security posture. Though she did not go into the specifics of her findings, she described securing cyberspace as one of the most serious economic and national security challenges the government faces.
"The United States really is at a crossroads," she told the audience of conference attendees.
Her comments came a day after NSA Director Lt. General Keith Alexander told conference attendees in his keynote that the NSA did not want control of cyber-security for the United States. Like Hathaway, he called for partnerships between his agency, the U.S. Department of Homeland Security and the industry to help solve the challenges of securing the Internet.
Hathaway said the Obama administration must lead the way on these issues, and that international cooperation is required as well.
"Cyberspace knows no boundaries," she said.
Details of the report will be made available after the Obama administration has had a chance to review the findings, she said. But between media reports of attacks on the electric grid in the United States and the cyber-theft of terabytes of data tied to an expensive weapons program, some in the security community expect the report to show that cyber-security-to say the least-needs work.
"I fully expect the report to show that U.S. cyber-security-specially on networks which are considered to be "critical infrastructure" (e.g., sensitive data networks, power, water, other SCADA systems)-needs much improvement, better coordination and better leadership," said Paul Ferguson, senior threat researcher at Trend Micro, in an e-mail interview with eWEEK before the conference. "Having worked in U.S. military communications security for a number of years, there is certainly ways to protect sensitive networks by first applying the 'air-gap principle'-in other words, if it is worth protecting, it is worth not connecting to the Internet."