Leadership and Responsibility for Cybersecurity by Melissa Hathaway

Shop the Entire Special Issue- International Engagement on Cyber: 2012  ||  Return to International Engagement on Cyber: 2012 index


Melissa Hathaway is President of Hathaway Global Strategies, LLC and former Acting Senior Director for Cyberspace, U.S. National Secu- rity Council. Hathaway served as Cyber Coordination Executive and Director of the Joint Interagency Cyber Task Force in the Office of the Director of National Intelligence. Previously, Hathaway was a Principal with Booz Allen & Hamilton, Inc.


"The lack of corporate leadership and accountability for these events demonstrate that other market levers may be needed..."
 
"The deployment of Stuxnet raises a new set of ques- tions and...even more concerns about the future of the Internet and Internet-based infrastructures..."

According to Darwin, “it is not the most intellectual of the species that survives; it is not the strongest that survives; but the species that survives is the one that is able best to adapt and adjust to the changing environment in which it finds itself.”1 We have certainly adapted to the Internet and the technology that underpins it. In fact, we have made it an integral part of just about everything in our life; and in many ways we take it for granted that it will always work twenty-four hours a day, seven days a week. There are approximately 2.5 billion Internet users around the world of which nearly half are below the age of twenty-five.2 Yet, there is another set of actors that have adapted more successfully: criminals, spies, and some clever guys. Media headlines announce daily that our bank accounts are being robbed, our intellectual prop- erty is being illegally copied, and our critical infrastructures are penetrated and could stop working at any moment. The very fabric that contributes to nearly 40 percent of the productivity growth of the global economy also facilitates an equally robust underground economy.

These messages appear to fall on deaf ears as our corpo- rate and political leaders continue to talk about the troubled environment, yet too few are adapting to or assuming the responsibility for resolving it. Instead, our leaders appear to be paralyzed by the prolonged economic recovery and are in denial of the security needs of our infrastructures and enterprises. Why? Because of the difficulty in balancing parallel demands: economic recovery and growth vis-à-vis national securi- ty and infrastructure protection. This tension is further exacerbated by the competition for resources, lagging pol- icy implementation, and an ill-defined technology roadmap to address security shortfalls as we adopt and embed the next-generation technology into our infrastructures and enterprises.

Policy makers, legislators, and busi- nessmen should assess the gap between the current defense posture and our needed front line defense in the face of an increasingly sophisticated range of actors. This paper describes a series of case studies that highlight the lack of attention being paid to this serious problem and the subsequent policy and technology solutions that are being brought to bear to close the gap. (purchase article...)