Review could relieve tension over cybersecurity leadership

The White House's 60-day cybersecurity review will determine which agency will take the lead in protecting federal computer networks, according to industry and think tank officials.

Officials said Melissa Hathaway, who is overseeing the review, told them during a series of briefings that it will address cybersecurity governance.

"This is where [the White House] will decide who actually runs things," said Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. "They'll figure out where this is actually going to park."

Tension has been mounting between the Homeland Security Department and the National Security Agency over leadership of the federal cybersecurity program.

According to a document obtained by Nextgov.com summarizing Hathaway's presentations, the review also will identify weaknesses in the federal computer architecture. This will help officials develop a plan for decreasing vulnerabilities and establish standards for securing federal networks.

In addition, Hathaway's team will define "normative behaviors for cyberspace," and the review will promote "capacity building" by identifying where redundant security measures make sense and where new capabilities are needed to meet cybersecurity goals.

At a broader level, "the two important points [Hathaway] made were that one, this is not a review of what the Bush administration did -- it's forward looking -- and two, this plan is not going to be the solution -- it's the direction for how to get there," Lewis said.

According to the summary of Hathaway's presentation, the former cyber coordination executive at the Office of the Director of National Intelligence listed establishing an appropriate threshold for information sharing among government agencies as one challenge. She also said it would be difficult to define the government's role in defending private sector computer networks.

Lewis said he is pleased with the review team's progress so far. "They've already briefed [President Obama] once, and from what I'm told, he's paying attention," Lewis said. "This is top level, though a lot of stuff is on hold until [the plans] get sorted out."

Hathaway's review will culminate in a strategy for addressing cybersecurity issues, an interagency action plan, and a roadmap for disseminating information about the new approach.