U.S. Cybersecurity Has a Long Way to Go


SAN FRANCISCO (Reuters) - The intelligence expert who prepared a still-secret study on cybersecurity for President Obama said on Wednesday the danger of attacks on U.S. computer networks cannot be fixed easily or quickly.

"Cyberspace won't be secured overnight and on the basis of one good plan," Melissa Hathaway told the nation's largest conference of private security experts, RSA. "This is a marathon, not a sprint."

Hathaway said she had completed work on her report, prepared at the request of the president, and it will be made public soon. Her report aims to address the problem that countries and individuals can compromise, steal, change and destroy information, or damage the U.S. electric grid.

Hathaway said criminals have already used the Internet to steal hundreds of millions of dollars and that countries had gotten access to sensitive military information.

"They even have the ability to threaten or damage portions of our critical infrastructure," she said.

Hathaway cited an instance in which 130 automated teller machines in 49 cities around the world were emptied in a 30-minute period last November.

"These and other risks have the potential to undermine our confidence in the information systems that underlie our economic and national security interests," she said.

Earlier at the conference, Enrique Salem, the chief executive of computer security company Symantec, called on the administration "to designate an assistant to the president for cybersecurity at the White House." Salem said the official must have comprehensive responsibility -- in other words, be a Washington czar.

It was unclear from Hathaway's remarks whether her report makes that kind of recommendation. She said only that the government needs "an agreed way forward based on common understanding and acceptance of the problem."

One focus of the report will be to update laws and government policies designed for the telegraph, telephone and satellite to reflect changes which have come about in the Internet era, a senior White House official said this month.

Hathaway worked for former President George Bush's administration as cyber-coordination executive under Mike McConnell, Bush's director of national intelligence.

One vulnerability the Bush administration found was the large number of access points between federal agencies and external computer networks. Hathaway said in October the number had been reduced from 3,500 to 1,000, with the goal to reduce it to fewer than 100.

Copyright 2009 Reuters. Click for restrictions.