By Ericka Chickowski

Information security vets have been waiting with bated breath for Barack Obama's first move regarding cybersecurity. They can inhale at least a little now.

On Monday the President named Melissa Hathaway acting senior director for cyberspace of the National Security Council and the Homeland Security Council, with rumors swirling that Obama will tap her for cybersecurity czar after she completes a 60-day stint in her new role while reviewing the nation's cybersecurity strategies. Hathaway previously served as cyber-security coordinator executive under Mike McConnell, former President Bush's Director of National Intelligence (DNI) and before that was a consultant for Booz Allen Hamilton.

My question is, why the wait? The reason Hathaway was chosen in the first place is because of her DNI experience, during which she spent time developing a comprehensive cybersecurity initiative under President Bush. This new post has her reviewing a plan she helped to develop, a classic bureaucratic activity.

My colleague over at eWeek, Larry Seltzer, made an interesting point about the details of Monday appointment in a Obama would promote the cybersecurity chief to report directly to the President.

So, if he's made this promise and cybersecurity is indeed one of his top priorities, why is Hathaway wasting her time reviewing the nation's plans? As any CIO or CSO will tell you, it is easy to develop a set of standards or best practices to stand up as a goal post--especially if there's already a current version. The real hard part is rolling up your sleeves and implementing.