Larry Clifton, Melissa Hathaway

The Obama administration’s new cybersecurity proposal could create counterincentives against better private-sector cybersecurity, according to Larry Clinton, president of the Internet Security Alliance.

Released last month, the White House proposal mandates that the parts of private-sector that operates critical infrastructure would be audited using a range of performance standards. The audits would be publicly available, FierceGovernment IT reported.

However, Clinton said the new framework does not take into consideration the evolution of  cybersecurity and the stealthy nature of certain threats.

Today’s threats “go into your system and they hide,” he said, speaking before a June 24 House Homeland Security subcommittee on cybersecurity, infrastructure protection and security technologies. Businesses need incentives to be on the lookout for malware, without the disincentive in the form of publically published audit results.

The harder a company looks for a problem, “the more likely they are going to be named and shamed for finding it, we’ve created exactly the wrong incentives,” he said.

Clinton also recommended a federal revolving fund to stimulate growth of cyber threat insurance. Today, the federal government absorbs all the risk of a major cyber event, he said, and in the event of a web-based attack taking down a major part of the infrastructure, Congress would be stuck with the bill.

During the hearing, Melissa Hathaway, president of Hathaway Global Strategies and former White House cyber official, criticized the White House proposal for the regulatory role over industry cybersecurity it could create for the DHS.

“Inserting DHS into a regulatory role in this context dilutes its operational and policy responsibilities and likely distracts from the nation’s security posture,” she said.

Photo: Jennifer Jordan-Harrell

Before deciding how to react to a cyber attack, the United States needs to implement standards to determine what is acceptable and unacceptable behavior in cyberspace, according to a former White House cyber official.

In an interview with The Takeaway, a national morning news program hosted by BBC World Service, The New York Times and WGBH Boston, Melissa Hathaway, president of Hathaway Global Strategies and former acting senior director for cyberspace at the National Security Council, discussed the ramifications of a digitally implemented attack.

Increasingly over the last decade, energy and power grids have been moved from isolated networks to more Internet-based networks for the purpose of efficiency and reducing costs. An attack or disruption of those networks produces a ripple effect,  creating vulnerabilities throughout U.S. society.

“If you lose power, it affects all sorts of essential services,” Hathaway said. Those services, among others, she said, include water and the ability to communicate.

When asked about how the Pentagon and Washington cyber planners view cyberwarfare, Hathaway spoke of the connection between cyberspace and the economy.

“Cyberspace affords anonymity, and is generally borderless,” she said. “As the different governments around the world are debating how best approach it, the thing that they know for certain is that states play key roles in securing cyberspace because securing the cyberspace is really securing the economy.”

Recent discussions following cyber attacks on government and industry alike have questioned the best approach to take in the event of a large-scale cyber attack, and whether the U.S. should respond with conventional warfare. But before even contemplating response strategies, Hathaway said there first needs to be a broader framework in place to begin talks  on what is acceptable and unacceptable behavior in cyberspace, as well as define the terms so everyone speaks the same language.

“Once have that, you can have economic, diplomatic, military and the whole gamut of different types of response strategies,” Hathaway said. “But first, you need really the methodology by which to begin the conversation of what’s acceptable and what’s unacceptable.”

When asked who the perpetrators in cyber are, Hathaway declined to identify one specific nation or group.

“It’s hard to point fingers — over 100 nations have cyber capabilities and the attacks, whether they are from a hacker or whether it’s espionage, or whether it’s a broader based state-sponsored weaponization, there are many involved in this, which is why many need to participate in the conversation to address this and ensure it won’t escalate,” she said.

Vint Cerf, Google; Photo: Veni Markovski

The Air Force Association‘s newest event, the CyberFutures Conference and Technology Exposition, will explore cyberspace with energetic discussions, the latest in IT and education and a career fair for job seekers.

AFA has teamed up with military-to-civilian recruitment firm RecruitMilitary to host a career fair April 1 that will feature prominent aerospace/defense firms. Many companies will be recruiting for cyber-tech openings as well as other available opportunities

Representatives of educational institutions will be on-site to discuss their courses in cyber technology and other course and degree options. The career fair will be free and open to everyone interested in pursuing a career in cyber technology and related fields.

Held March 31-April 1, 2011, in National Harbor, Md., the CyberFutures Conference themed “New Strategies for a New Domain” will focus on the challenges cyberspace brings to every organization. Speakers will include Google’s Internet evangelist Vint Cerf, Melissa Hathaway and Paul G. Kaminski, among others. FBI Assistant Director of the FBI’s Cyber Division Gordon M. Snow will kick off the event with a speech on the 21st-century cyber threat.

Invited but yet not confirmed speakers include Richard A. Clarke, Bob Butler, Lt. Gen. Jeffrey Sorenson, Vice Adm. David  Dorsett, Jeff Moss and Nitin Pradhan.

Panel discussions and speeches will focus on topics such as cyber deterrence, industrial cybersecurity, smartphone wars, emerging threats and initiatives for cybersecurity education. Event participants will learn about the risks and vulnerabilities associated with operating in a cyber world full of hackers, bad actors and technological complexities, as well as how to mitigate those risks and defeat vulnerabilities.

Online registration is available now on the event website.

Melissa Hathaway

Cybersecurity expert Melissa Hathaway will be delivering a keynote speech at the Potomac Officers Club luncheon held March 24.

Hathaway, who’s currently president of Hathaway Global Strategies, LLC, and senior adviser at Harvard Kennedy School’s Belfer Center, previously served as acting senior director for cyberspace in the National Security Council, where she lead a team of cyber experts in Obama’s 60-Day Cyberspace Policy Review.

During the Bush administration, she served as cyber coordination executive and director of the Joint Interagency Cyber Task Force in the Office of the Director of National Intelligence.

Hathaway is a member of the board of directors of Terremark Worldwide Inc., EastWest Institute and the Global Cyber Security Center in Italy. She also is a member of the Intelligence Advisory Board for Sandia National Laboratory and serves as strategic adviser to ManTech International Corporation, NetWitness Corporation, Interpol and the U.S. government, among others.

In 2009, Hathaway wrote the white paper “Five Myths About Cybersecurity” for The New New Internet. Last year, she also spoke to The New New Internet about private-public partnerships and how those taking place in Brazil and Malaysia are working more effectively than they are in the United States.

Hathaway also provided her expertise on the topic of cloud computing in an article for GovInfoSecurity, highlighting five questions chief information officers and chief information security officers should ask when considering the risks and benefits of the cloud.

The luncheon will be held from 11:30 a.m. in Salon 1 at the Tysons Corner Ritz Carlton. Tickets are available here.

Melissa Hathaway

President of Hathaway Global Strategies Melissa Hathaway will be the keynote speaker at a symposium on Securing the Global Supply Chain to be held at Georgetown University in Washington, D.C., on Nov. 19.

Hathaway, who led President Barack Obama’s 60-day Cybersecurity Policy Review, will speak about potential private-public partnerships to secure the supply chain, as well as new procurement strategies. Securing the global supply chain is one of Obama’s priorities, as it has become so globalized and fragmented it could contain vulnerabilities at many levels.

This conference will also feature panel discussions with experts from the Department of Defense and Department of Homeland Security.

Those interested can register via email.

Melissa Hathaway

Cyber expert Melissa Hathaway will be delivering remarks at the Nov. 12 American National Standards Institute Caucus Luncheon held in Washington, D.C.

Hathaway serves as president of Hathaway Global Strategies, LLC, and as senior adviser at Harvard Kennedy School’s Belfer Center. She previously was the senior director for cyberspace at the National Security Council under the Obama administration, and served as cyber coordination executive and director of the Joint Interagency Cyber Task Force in the Office of the Director of National Intelligence during President George W. Bush’s administration.

Hathaway also spearheaded President Obama’s 60-Day Cyberspace Policy Review, gathering experienced government cyber experts to inventory relevant presidential policy directives, executive orders, national strategies, and studies from government advisory boards and private-sector entities.

The caucus will be held from 11:45 a.m. to 1:30 p.m. at the National Press Club in Washington, D.C.

Hathaway last year wrote a white paper for The New New Internet on the five myths of cybersecurity, which can be downloaded here.

Melissa Hathaway

The recent INTERPOL conference held in Hong Kong was an important step for the international, strategic environment to bring like-minded nations together to discuss information security, cybersecurity, and share effective practices for protecting key infrastructure, said Melissa Hathaway, president of Hathaway Global Strategies and former cybersecurity official.

Held Sept. 15-17, the event assembled industry leaders, academic experts and law enforcement representatives of the 188 INTERPOL member countries to discuss how to enhance global cybersecurity through international cooperation. Ronald K. Noble, INTERPOL’s secretary general, kicked off the conference with an opening address, highlighting how cyber crime is “the most dangerous criminal threat we will ever face.” Noble also revealed how cyber crooks had stolen his identity to open two Facebook accounts to obtain details of highly dangerous criminals.

Christopher Painter, senior director of cybersecurity at the U.S. National Security Council, delivered a keynote speech on the U.S. perspective on cybersecurity and international opportunities, and Jeffrey L. Troy, deputy assistant director of the FBI’s cyber division, spoke about international cyber crime and the strategies for threat reduction.

Hathaway, who helped facilitate the panel discussion on international information security strategies, formerly served as senior adviser to former Director of National Intelligence Mike McConnell. She also spearheaded the 60-day Cyberspace Policy Review, a strategic framework designed to ensure that U.S. government cybersecurity initiatives are appropriately integrated, resourced and coordinated with Congress and industry.

In reference to the conference’s heavy emphasis on global collaboration in fighting the cyber threat, Hathaway spoke to TheNewNewInternet about what many experts and industry insiders have been throwing around lately: private-public partnerships.

“[There are] private-public partnerships that are taking place in Brazil and Malaysia that I believe are working even more effectively than they are in the States,” she said. “I think that we have too many private-public partnerships that are not effective because the government is not focused in their efforts.”

In addition to inadequate focus, Hathaway said what keeps her up at night is that too many people don’t understand what happens in the cyber realm on a day-to-day basis, and how core intellectual property of the United States is being illegally copied and stolen on a daily basis.

An oft-quoted number, experts have estimated that one trillion dollars is lost in stolen intellectual property every year. However, with the exponential rate with which cyber crime is growing, Hathaway dismissed the number as lacking substantial quantitative background.

When asked whether she sees the number of attacks targeting specifically intellectual property increasing, Hathaway replied:

“The trend is definitely going up, [however], I don’t think anyone has been able to truly quantify how much has been lost.”

Howard Schmidt

Back in May 2009, President Barack Obama announced his intention to make cybersecurity an administration priority. The administration released yesterday a progress report on what the administration has accomplished to date.

The Cyberspace Policy Review, spearheaded by Melissa Hathaway, offered a number of recommendations for the administration to implement in the field of cybersecurity. The report recommended that the President create a Cybersecurity Coordinator position and a new Cybersecurity Directorate within the National Security Council. Back in December, President Obama made Howard Schmidt the White House Cybersecurity Coordinator.

The Cybersecurity Directorate is also preparing an update to National Security Presidential Directive 54 / Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23), which established the CNCI.

The administration has also designated a civil liberties and privacy official and has launched a concerted effort to raise cybersecurity awareness among the public. The report also recommended the United States consider its positions regarding international cyber agreements.

“The United States is leading the way in an international dialogue to achieve greater cooperation among nations to defend against cyber threats,” according to the White House. “In partnership with like-minded nations and allies across the world, the United States has taken a lead role in international institutions, such as the United Nations, to make cybersecurity an international priority.”

Also, the administration is working on a national cyber response plan.

Read the full report here

Melissa Hathaway

Last week, experts from around 40 countries met at the Cooperative Cyber Defence Centre of Excellence in Estonia’s capital Tallinn to discuss cybersecurity issues. Estonian President Toomas Hendrik Ilves gave the opening remarks, warning about cyber crime.

Melissa Hathaway, President of Hathaway Global Strategies and leader of the 60-day Cyberspace Policy Review, gave the keynote address where she discussed the evolution of the Internet. She provided analysis from technical innovation, policy, security and legal perspectives and discussed the challenges and opportunities the Internet presents.

Hathaway also discussed the tie-in to national security. On the economics front, she said the history of the Internet has included moves for cost-savings, interoperability and economic efficiency, which have cause critical infrastructure to be more vulnerable, rather than less.

Bruce Schneier also presented at the conference where he discussed his views on cyber war and the “scare tactics” he claimed are being used. Recently, Schneier was also part of a debate in Washington, D.C. where he advocated a similar line.

During his remarks, Schneier said policy makers and cyber experts should focus on market drivers, calling the use of scare tactics bad public policy. He also advocated for the development of policy which addresses each threat and the appropriate response. Additionally, Schneier discussed the need to understand the threat landscape and educate the populace regarding the threats in cyberspace.

“The conference will be attended by various cybersecurity experts and professionals from related disciplines in governments, military and academia to discuss the growing connection between computer security and national security,” NATO cyber defence centre spokeswoman said.

The four day conference, taking place from June 15 to June 18, is organized by the Cooperative Cyber Defence Centre of Excellence. The conference will feature speakers like Melissa Hathaway, who led the 60 cyberspace policy review and Bruce Schneier, a renowned cryptographer.

“When people in world want to know how IT security really works, they turn to Schneier,” the spokeswoman said.

Charlie Miller, known for hacking Mac computers, will also attend the conference.