Speaking at RSA, Melissa Hathaway, who has been running a 60-day government-wide review of cybersecurity policy, left no doubt that the White House will take direct, top-down control of cybersecurity. (Prepared comments.)
[Responsibility for cybersecurity] transcends the jurisdictional purview of individual departments and agencies because, although each agency has a unique contribution to make, no single agency has a broad enough perspective to match the sweep of the challenges. It requires leading from the top -- from the White House, to Departments and Agencies, State, local, tribal governments, the C-Suite, and to the local classroom and library. The national dialogue on cybersecurity must advance now.
The White House must lead the way forward with leadership that draws upon the strength, advice and ideas of the entire nation.
But as The Post's Brian Krebs noted, details of the new policy were scant -- actually nonexistent. She offered instead a "60-day movie trailer" of the report. (She seemed enthralled to be in California, even though she was in San Francisco, not L.A. Earlier in the speech she made gratuitous mention of Hollywood blockbusters that "capture the essence of the problem," including War Games, Sneakers, The Net and Live Free.)
Update: Andrew Storms found the talk too brief, too "hokey," and too vague.
To no one's surprise the review calls for greater public discourse, private/public partnerships and a significant call to action for the audience sitting directly in front of her. What we didn't get was any new information or new ideas and no specific course of action beyond what we all already understand to be necessary.
Here's the rest of the 60-day trailer.
There is a unique opportunity for the United States to work with countries around the world to make the digital infrastructure a safe and secure place that drives prosperity and innovation for all nations.
The public and private sector’s interests are intertwined with a shared responsibility for ensuring a secure, reliable infrastructure upon which businesses and government services depend. Information is key to preventing, detecting, responding to and recovering from cyber incidents. Again, this requires evolving our partnerships together.
Building toward the architecture of the future requires research and development that focuses on game-changing technologies that could enhance the security, reliability, resilience and trustworthiness of our digital infrastructure. We need to be mindful of how we, government and industry together, can optimize our collective research and development dollars and work together to improve market incentives for secure and resilient hardware and software products, new security innovation, and secure managed services.