By Maggie Shiels
Technology reporter, BBC News, RSA Conference San Francisco
07:16 GMT, Thursday, 23 April 2009
The White House should take direct control of US cybersecurity, the woman tipped to be President Obama's net security Czar has said.
Melissa Hathaway told a conference in San Francisco that the net had not been built with safety in mind.
She has just completed a review of cybersecurity for the President.
"This poses one of the most serious challenges of the 21st Century. Cyber space won't be secured overnight on the basis of one good plan," she said.
"We need an agreed way forward based on common understanding and acceptance of the problem.
"This is why the President requested a clean slate review," said Ms Hathaway, who is acting senior director for cyberspace for the National Security and Homeland Security Councils.
"We have witnessed countless intrusions that have allowed criminals to steal hundreds of millions of dollars and allowed nation- states and others to steal intellectual property and sensitive military information," Ms Hathaway said.
She urged security professionals and the private sector to join the government in securing the digital highway which "underpins almost every facet of modern society and provides critical support for the US economy, civil infrastructure, public safety and national security".
Ms Hathaway said the job ahead was "a marathon, not a sprint but we have taken the first steps to make real and lasting progress".
"Ambitious action plan"
The review is expected to be made public at the end of the month. Ms Hathaway said more detailed discussions will take place once the President and his administration had have an opportunity to digest her recommendations.
While she did not give any specifics, Ms Hathaway did present what she called her "60-day movie trailer" version of the study which broadly outlined a more collaborative approach and the nurturing of a national dialogue to "help this critical conversation grow."
"There was little in context or information. They keynote simply told everyone that it would be a team effort," said Steve Ragan of The Tech Herald.
Jill R. Aitoro of Nextgov.com agreed that there was not much meat on the bones.
"Melissa Hathaway generally confirmed what was previously reported regarding the review: The White House should co-ordinate cybersecurity efforts; private sector needs to play a bigger role in security cyberspace; and responsibility for the protection of federal computer networks and systems should be divvied up among a number of agencies."
President Obama has made the issue of cybersecurity a top priority and ordered this 60 day review to determine how the government should dramatically restructure how it handles the internet and security.
To date the government has kept its own counsel on the shape of its new cybersecurity establishment. However it has been reported the administration has finalised plans for a new Pentagon cyber command to co-ordinate the security of military computer networks.
Meanwhile the National Security Agency, or NSA, has downplayed rumours that it is interested in being in charge of cybersecurity.
At the RSA conference, NSA Director Lt Gen. Keith Alexander said he had no intentions of stripping that power from the Department of Homeland Security (DHS).
"We do not want to run cybersecurity for the US government," he stated in no uncertain terms.
"We need partnerships with others. The DHS has a bit part, you do, and our partners in academia. It's one network and we all have to work together," said Lt Gen. Alexander.
That was a view that was echoed by Ms Hathaway.
"Cybersecurity isn't only the responsiblitiy of governments and corporations, but that of individuals, including each of us here today, as well."