Feds Failing Cybersecurity


by Ericka Chickowski

Last week, the White House's acting senior director of cyberspace, Melissa Hathaway, spoke in front of a packed audience at the RSA conference in San Francisco, presumably to fill the security community in on the latest news about the Obama administration's strategy for cybersecurity.

Count me among the many audience members who were left feeling underwhelmed. Hathaway was never able to establish rapport with the audience due to her robotic reading of a script that included no real or tangible details from the upcoming report on cybersecurity collaboration, which she's been working on for the past two months. The best she could do is tell the audience to expect details in "the coming days."

Sadly, the disappointment wasn't really a surprise. The reason the government has had such a hard time collaborating with the private sector in the first place is the very reason why Hathaway bombed. The real root of the problem is that the bureaucrats still haven't figured out a way to build a culture of transparency and open communication. They hold their cards close to the vest and they hold the private sector at arms' length.

I'll give you an example. At the conference, I had breakfast with a security researcher who related a little story to me. He had been walking the show floor and decided to stop off and talk to a member of the Department of Homeland Security's booth team. He was asking the DHS official how they could work better together, because there are so many instances where independent researchers find meaningful information long before the government does. The DHS bureaucrats' answer?

"Here's a card, you can send it to this e-mail address."

My contact explained to him that an anonymous, catch-all e-mail account just wouldn't fly for many of these folks, who only feel comfortable working with a trusted contact. The DHS bureaucrats' answer, again?

"Here's a card, you can send it to this e-mail address."

When the researcher reiterated the impossibility of that approach, the DHS bureaucrat said, "Well, I guess we can't work together then."