RSA Conference, 4-22-09
No, Melissa Hathaway did not disclose the findings of the 60-day review of US national cyber security ordered by President Obama and delivered to him recently. Although from the influx of media in the hour or so before her hastily scheduled remarks during today's afternoon keynote session.
We will have to wait until after Obama and his team have reviewed its contents, which certainly seems reasonable. It is after all an encouraging sign that an incoming President confronted with so many daunting challenges would have even thought to order such a sweeping and swift review.
But in her brief and heartfelt remarks, Hathaway did seem to more than hint at one important finding, i.e., that the White House must lead. Because cyber security is a national security issue, and no single agency in government could possibly oversee it for the whole of the government, the leadership must be centered in the White House. That is (or will be) as it should be.
If only more corporate leadership would recognize the need for robustness in the governance of enterprise security. (For more on this vital issue, download a copy of the CyLab Governance for Enterprise Security Survey.]
-- Richard Power