Much of the talk at the RSA Conference last week centered on the lack of the unifying theme or big-time story that usually emerges to take over the show by mid-week. But there was, in fact, a major story, and it was the abject failure of the Obama administration, in the person of Melissa Hathaway, to deliver any concrete details on its plans to drag the country’s information security infrastructure out of the quagmire it’s been in for nearly a decade.
Hathaway’s much-anticipated speech on Wednesday afternoon turned out to be nothing but a 30-minute infomercial for the much-hyped 60-day review of the U.S. security program, which she oversaw. Instead of using the huge platform of the RSA Conference to outline the administration’s plans for improving information sharing between the government and private sector or which agency will have oversight of federal security, Hathaway said as little as she could get away with while promising that details would be coming later.
Sorry, but that’s not good enough. I realize that the review was completed just days before Hathaway’s speech and that the administration may not have been ready to unveil its entire strategy. And I also understand that much of the plan is likely to be a rehash of things that have been tried many times over, dating back to the National Strategy to Secure Cyber Space.
If that’s the case, then why bother having her speak at all? Just keep quiet until the plan is ready and then send Hathaway or Paul Kurtz or whoever gets the federal security chief job on a media tour to talk up the plan. Better to actually say nothing than to get up on a stage in front of thousands of people and talk for half an hour about nothing.
As Matt Hines of eWeek points out, this was a key opportunity to foster goodwill in the security community, which instead turned into a bitter disappointment for most in attendance.
So many of us in the community had lined up to go into that room for the keynote ready to be challenged and inspired to be part of something special, a historic chance to affect change in improving national cyber-security policy at a time when we are being overwhelmed by electronic attacks from outsiders, including those backed by both organized overseas criminals and foreign states themselves.
But most of us walked out of the room a scant 30 minutes later shaking our heads at the lack of direction we’d been given, openly disappointed by the Administration’s inability to realize the moment, and feeling sort of sorry for Hathaway for having been put up on stage with nothing to tell us that we didn’t already know.
So now the Obama administration finds itself in exactly the same position that the Bush administration was in, with little support from the security industry, confusion inside the Beltway and a general sense of apathy all the way around. RSA was the perfect chance to address all of the constituencies that have stakes in the process, lay the cards on the table and talk about how things will be different this time around. Instead, we got more of the same warmed-over rhetoric.
Change? Not so far.
