Obama taps cybersecurity expert to assess U.S. defenses

— -- The White House has engaged a hard-charging consultant for an unprecedented review of U.S. cybersecurity policy to determine whether the government needs to be more pro-active in slowing cybercrime attacks on individuals and businesses.

Melissa Hathaway, named by President Obama to conduct a 60-day review of the nation's cyberdefense policies, faces a tall order. She must assess the effectiveness of former president George W. Bush's $30 billion cyberdefense plan that emphasized tighter lockdowns on government data. And she must advise Obama on calls for him to get more directly involved in securing the Internet, say security experts and administration officials.

"We can't afford to lose momentum right now, because the threats aren't slowing down, they're continuing to evolve and become much more sophisticated," says Tiffany Jones, director of public policy and government relations for security company Symantec.

Hathaway, 40, declined interview requests. She was a management consultant at Booz Allen Hamilton for 15 years, specializing in helping military and intelligence organizations to collaborate. Obama selected her because she has spent the past two years at the epicenter of Bush's cyberefforts, says White House spokesman Nick Shapiro.

In March 2007, Hathaway became the point person for Bush's efforts to stem a rash of breaches of government and military networks by foreign cyberspies. She helped shape and rally support for secret initiatives to reduce the number of connections to federal networks and deploy stronger cyberdefenses. "Every agency gave her grudging respect," says Alan Paller, research director at tech think tank the SANS Institute. "She orchestrated resources she didn't own and made people play well together. It was extraordinary."

Even so, Bush's initiatives drew criticism for being myopic and failing to partner with businesses and foreign governments. "We live in a connected world," says Melih Abdulhayoglu, CEO of security firm Comodo. Hathaway should "look at what needs to be done to protect every single node (computer) on the Internet that could be used for criminal pursuits or terrorism."