One of the more widely anticipated keynotes at the RSA Conference this week is the talk by Melissa Hathaway, who was in charge of the Obama administration’s recently completed review of the country’s information security standing. However it now looks unlikely that Hathaway will actually reveal any of the key findings or recommendations in the review during her talk on Wednesday afternoon at the conference.
The much-discussed and debated 60-day review of the security of the U.S. critical infrastructure, which is designed to help President Obama develop a comprehensive security policy, was completed and delivered to Obama last week. The review cast a wide net in looking at the ways in which technology is used throughout the government and the privately owned networks that run the country’s utilities and other critical assets. And when Hathaway’s name was added to the list of keynote speakers at RSA, industry observers expected her to deliver a detailed report on the review.
But the administration has decided it’s not ready to release many details of the review or the report yet, so Hathaway’s talk likely will be light on recommendations or specifics, experts say. The Obama administration came under some crticism for putting Hathaway, who is a former aide to George W. Bush, in charge of the review. She was seen by some insiders as being too close to the Bush administration’s security policies, which have been criticized widely by experts and former government officials.
It is expected that chief among the recommendations in the report delivered to Obama is the need for the country’s information security program to be run out of the White House, with a high-ranking adviser reporting directly to Obama. That would be a return to the way things were done in the early part of this decade, when the President’s Critical Infrastructure Protection Board was in charge of information security and reported to Bush. That board was later dissolved and the security function was moved to the Department of Homeland Security.
There also has been a power struggle of late between the National Security Agency and DHS over who ultimately should have authority over security inside the government, and it’s unlikely that Hathaway’s report, whatever the recommendations are, will put that to rest.