White House to coordinate cybersecurity efforts

The White House will coordinate the national cybersecurity strategy but without creating a separate office, said members of a House caucus that was briefed on the progress of the Obama administration's 60-day cyber review.

Melissa Hathaway, senior director for cyberspace for the National Security and Homeland Security councils, briefed the House Cybersecurity Caucus on Thursday about the progress she has made in the administration's review of agencies' cybersecurity efforts, which is more than halfway done. The caucus was established in September 2008 to provide a forum for representatives from different committees to discuss the issues in securing cyberspace.

Hathaway indicated in her briefing that "cybersecurity is going to very much be an interagency strategy coordinated out of the White House," said Rep. James R. Langevin, D-R.I., co-chair of the House Cybersecurity Caucus, who held a call with reporters on Thursday to discuss the briefing.

He initially said the White House's cybersecurity plan wouldn't include a special adviser on cybersecurity within the Executive Office of the President, a recommendation made in a report released by the Commission on Cybersecurity for the 44th Presidency, which Langevin also co-chaired. His later statements indicated there was a possibility of a new office for cybersecurity within the White House, which would be determined later.

"I like the strategy of having an office in the EOP with a special adviser," Langevin said. "That's my preference, but I don't want to prejudge the report, and I want to give [Hathaway] time to [decide what] is going to work best within the administration."

Other possibilities for managing cybersecurity included the National Security Council coordinating initiatives under Hathaway's direction and an increase in staffing at the Office of Management and Budget to support more oversight of agencies' cybersecurity efforts. Langevin did not discuss how much responsibility could fall on the Homeland Security Department, which has been snubbed in the struggle over who would take the management lead on cybersecurity. But he said DHS and the National Security Agency would play major roles in cyber initiatives.

"The organization itself is massive," said Rep. Yvette D. Clarke, D-N.Y., chairwoman of the House Homeland Security Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, who also attended the press call. "You're dealing with 42 different departments and agencies" that play a role in cybersecurity. "There is not one king, but more of a collaborative approach with all stakeholders at the national level."

Hathaway covered areas that reflected those included in briefings with industry and think tank organizations. The review examines technical standards the government needs to put in place to protect the national infrastructure, how it can improve public awareness about cybersecurity, and how it can work with the international community and the private sector to better protect sensitive computer networks and information.

"There was a lot of talk about there needing to be more of a roadmap [to enable] public-private interface, and that is one of the measures that this review will focus on," Clarke said, adding that industry could see more regulations as well as more incentives to encourage support of cybersecurity initiatives.

Langevin did not say how much the House will allocate for cybersecurity spending in the 2010 budget, but he said it "will be significant."

"This will be a multiyear, multibillion-dollar effort to secure cyberspace," he said. "I believe a cyber 9/11 is a very real possibility that keeps me up at night."