Francesca Spidalieri is the co-principal investigator on the Cyber Readiness Index Project at the Potomac Institute for Policy Studies. She also serves as the Senior Fellow for Cyber Leadership at the Pell Center, at Salve Regina University, as a Distinguished Fellow at the Ponemon Institute, and as 2017 Transatlantic Digital Debates Fellow at New America and at the Global Public Policy Institute. Her academic research and publications focus on cyber leadership development, cyber risk management, cyber education, and cyber security workforce develop-ment. In 2015, she published a report, entitled State of the States on Cybersecurity, that applies the Cyber Readiness Index 1.0 at the US state level. All her additional studies and academic articles can be found at the following link: http://pellcenter.org/cyber-leadership/ |
"State of the States on Cyber Security,"
"One Leader at a Time: The Failure to Educate Future Leaders for an Age of Persistent Cyber Threat,"
"Joint Professional Military Education Institutions in an Age of Cyber Threat,"
“Professionalization of Cybersecurity: A Path to Universal Standards and Status,”
Melissa Hathaway is a leading expert in cyberspace policy and cyber security. She served in two US presidential administrations, spearheading the Cyberspace Policy Review for President Barack Obama and leading the Comprehensive National Cybersecurity Initiative (CNCI) for President George W. Bush. Today, she is a Senior Fellow and a member of the Board of Re-gents at Potomac Institute for Policy Studies. She is also a Senior Advisor at Harvard Kennedy School’s Belfer Center for Science and International Affairs, a Distinguished Fellow at the Centre for International Governance Innovation in Canada, a non-resident Research Fellow at the Kos-ciuszko Institute in Poland, and she is President of Hathaway Global Strategies LLC, her own consultancy. Melissa developed a unique methodology for evaluating and measuring national levels of preparedness for certain cyber security risks, known as the Cyber Readiness Index (CRI). The CRI methodology is available in Arabic, Chinese, English, French, Russian, and Spanish, and is being applied to 125 countries. The CRI country profiles of France, Germany, India, Italy, Japan, the Netherlands, Saudi Arabia, the United Kingdom, and the United States can be found at the following link: https://potomacinstitute.org/academic-centers/cyber-readiness-index. . Having served on the board of directors for two public companies and three non-profit organizations, and as a strategic advisor to a number of public and private companies, Melissa brings a unique combination of policy and technical expertise, as well as board room experience to help others better understand the intersection of government policy, devel-oping technological and industry trends, and economic drivers that impact acquisition and business development strategy in this field. She publishes regularly on cyber security matters affecting companies and countries. Most of her articles can be found at the following website: http://belfercenter.ksg.harvard.edu/experts/2132/melissa_hathaway.html |
July 2018
Original paper can be found here
April 20, 2017
Paper, Centre for International Governance Innovation
By: Melissa Hathaway, Distinguished Fellow
This paper offers five standards of care that can be used to test individual states' true commitment to the international norms of behaviour. Only with a concerted and coordinated effort across the global community will it be possible to change the new normal of "anything goes" and move forward to ensure the future safety and security of the Internet and Internet-based infrastructures.
November 30, 2016
Article, Bloomberg
By: Melissa Hathaway
"Manufacturers, retailers and others selling services and products with embedded digital technology must be held legally accountable for the security flaws of their wares....A better approach is an Internet Underwriters Laboratory, akin to the product-testing and certification system used for electrical appliances. Such a system could help ensure that internet-connected devices meet a minimum level of security before they're released into the marketplace."
March 2016
Report Chapter
By: Melissa Hathaway and Francesca Spidalieri
Internet penetration and the wider adoption of information communications technologies (ICTs) are reshaping many aspects of the world's economies, governments, and societies. Everything from the way goods and services are produced, distributed, and consumed, to how governments deliver services and disseminate information, to how businesses, and citizens interact and participate in the social contract are affected. The opportunities associated with becoming connected and participating in the Internet economy and the potential economic impact cannot be ignored.
October 2015
Journal Article, Georgetown Journal of International Affairs
By: Melissa Hathaway, President of Hathaway Global Strategies LLC
In this issue of International Engagement on Cyber, authors discuss developments, challenges, and improvements to critical infrastructure cybersecurity from legal, policy, and technical perspectives. Cyber V also evaluates cybersecurity in Brazil, suggests improved government and private sector cybersecurity practices, and theorizes military actions in the information age.
November 2014
Journal Article, American Foreign Policy Interests
By: Melissa Hathaway, President of Hathaway Global Strategies LLC
"Modern societies are in the middle of a strategic, multidimensional competition for money, power, and control over all aspects of the Internet and the Internet economy. This article discusses the increasing pace of discord and the competing interests that are unfolding in the current debate concerning the control and governance of the Internet and its infrastructure."
July 25, 2014
Journal Article, Georgetown Journal of International Affairs
By Melissa Hathaway, Senior Advisor, Project on Technology, Security, and Conflict in the Cyber Age and John Stewart
In our current state of cybersecurity, breach, crime, disruption, and destruction are growing in unacceptable ways. Key indicators suggest that we are not making enough progress and in fact, are possibly going backwards. This paper proposed four actions to start taking right now.
June 11, 2014
Media Feature
By Melissa Hathaway, Senior Advisor, Project on Technology, Security, and Conflict in the Cyber Age
Melissa Hathaway gave an overview of the latest developments in cybersecurity from a US and then global perspective—and discussed what is at stake for companies and nations at a Centre for International Governance Innovation Policy Forum.
February 2014
Book Chapter
By Melissa Hathaway, Senior Advisor, Project on Technology, Security, and Conflict in the Cyber Age
This chapter informs NATO cyber defense policy and presents operators and decision-makers with genuine tools and expert advice for computer network defense, incident detection, and incident response.
February 2014
Book
By Melissa Hathaway, Senior Advisor, Project on Technology, Security, and Conflict in the Cyber Age
The cyber security of vital infrastructure and services has become a major concern for countries worldwide. The members of NATO are no exception, and they share a responsibility to help the global community to strengthen its cyber defenses against malicious cyber activity. This book presents 10 papers and 21 specific findings from the NATO Advanced Research Workshop (ARW) "Best Practices in Computer Network Defense (CND): Incident Detection and Response", held in Geneva, Switzerland, in September 2013.
May 14, 2013
Commentary, Centre for International Governance Innovation
By: Melissa Hathaway, President of Hathaway Global Strategies LLC
"The G20 has an opportunity to articulate a vision for shaping the Internet economy for the next five to 10 years. The power of the leadership of this body, combined with its ability to assemble and speak to a simple, positive narrative for cybersecurity anchored in our collective economic well-being (and GDP growth), could be a watershed event. The GDP erosion that all nations are suffering places cybersecurity within the legitimate processes and 'architecture' of international economic governance. By changing the conversation to being about the economy and growth, this approach would enable the G20 to de-escalate the militarization and balkanization of the Internet."
2012
Journal Article, Georgetown Journal of International Affairs
By: Melissa Hathaway, President of Hathaway Global Strategies LLC
"Policy makers, legislators, and businessmen should assess the gap between the current defense posture and our needed front line defense in the face of an increasingly sophisticated range of actors. This paper describes a series of case studies that highlight the lack of attention being paid to this serious problem and the subsequent policy and technology solutions that are being brought to bear to close the gap."
December 2012
Book Chapter
By: Melissa Hathaway
In this chapter, Melissa Hathaway and Alexander Klimburg introduce three conceptual tools to help focus the strategic context and debate. These are termed the "three dimensions," the "five mandates," and the "five dilemmas" of national cyber security. Each dimension, mandate and dilemma will play a varying role in each nation's attempt to formulate and execute a national cyber security strategy according to their specific conditions.
February 2012
Book Chapter
By: Melissa Hathaway, President Hathaway Global Strategies LLC
As American businesses, inventors, and artists market, sell, and distribute their products worldwide via the Internet, the threat from criminals and criminal organizations who want to profit illegally from their hard work grows. The threat from other nations wanting to jump start their industries without making the intellectual investment is even more disturbing. This fleecing of America must stop. We can no longer afford complacency and silence—we must find and use as many market levers as possible to change the path we are on.
Spring 2012
Magazine Article, Europe’s World
By: Melissa Hathaway, Former acting senior director of cyber space, U.S. National Security Council
"What is needed is a holistic approach by governments around the world, with policies, laws and regulatory frameworks that support the communications sector and ISPs as they provide security to ensure the internet remains a public good."
March 2012
Paper, Munk School of Global Affairs, University of Toronto
By: Melissa Hathaway and John E. Savage
In today's interconnected world, the Internet is no longer a tool. Rather, it is a service that helps generate income and employment, provides access to business and information, enables e-learning, and facilitates government activities. It is an essential service that has been integrated into every part of our society. Our experience begins when an Internet Service Provider (ISP) uses fixed telephony (plain old telephone service), mobile-cellular telephony, or fixed fiber-optic or broadband service to connect us to the global network. From that moment on, the ISP shoulders the responsibility for the instantaneous, reliable, and secure movement of our data over the Internet.
November 2011
Magazine Article, Security Europe
By: Melissa Hathaway, Former acting senior director of cyber space, U.S. National Security Council
By combining the power of both institutions, everyone could achieve economies of scale and a stronger defensive cyber posture.
October 2011
Paper, Science, Technology, and Public Policy Program, Belfer Center
By: Melissa Hathaway
"Cybersecurity is a means to enable social stability and promote digital democracy; a method by which to govern the Internet; and a process by which to secure critical infrastructure from cybercrime, cyberespionage, cyberterrorism and cyberwar. As nations and corporations recognize their dependence on ICT, policymakers must find the proper balance in protecting their investments without strangling future growth."
September 28, 2011
Magazine Article, GovInfoSecurity.com
By: Melissa Hathaway
"If Congress focuses its efforts on the areas where members appear to agree reform is needed, then it is possible that a cybersecurity bill will finally become a law. The proposals, if adopted, will make incremental change and a small difference in our cybersecurity posture. Bolder steps are needed but are unlikely to be taken given the combination of this fiscally constrained environment, politically divided Congress and the upcoming presidential election cycle."
2011
Journal Article, Georgetown Journal of International Affairs
By: Melissa Hathaway
The Executive Branch faces numerous complex challenges in a variety of domestic and international arenas. Strengthening our information security posture is certainly one of them, and the Administration must take a bold approach to accomplishing this end. The author presents a unique strategy for strengthening cybersecurity, recommending that the Executive Branch should call upon three independent regulatory agencies — the SEC, FCC, and FTC — to support our information infrastructure and protect American enterprise.
March 1, 2011
Presentation, Science, Technology, and Public Policy Program, Belfer Center
By: Melissa Hathaway, Senior Advisor Belfer Center
Explorations in Cyber International Relations Senior Advisor Melissa Hathaway discusses the current state of U.S. cybersecurity policies and outlines several new recommendations for Congress and the Executive Branch to enact in this Congressional briefing on March 1, 2011.
November 2010
Presentation
By: Melissa Hathaway, Senior Advisor Belfer Center
In this briefing, Melissa Hathaway updates her May 2010 briefing on more than 50 pieces of legislation that are being debated in the 111th Congress. She highlights recent congressional activity, including the release of three Government Accounting Office studies and the introduction of thirteen new pieces of legislation.
November 18, 2010
Journal Article, SAIS Review
By: Melissa Hathaway
Countries will need to reconcile the facts that their Internet infrastructures are vulnerable and less resilient to attack and that their economic dependence on the Internet makes cooperation between countries on cybersecurity issues essential. Disparate and uncoordinated cyber defense schemes could adversely affect individual and collective security, privacy, usability, transparency, speed, and interoperability. Much tighter alignment and better integration of European and NATO initiatives with national laws, policies, and funding priorities is necessary to counteract threats against national networks and infrastructure. Only through international cooperation and private-public partnerships can cyber defense measures succeed.
October 14, 2010
Presentation
By: Melissa Hathaway, Senior Advisor Belfer Center
In this briefing, Melissa Hathaway highlights the history of the Internet and the tensions between economic and national security goals.
October 2010
Magazine Article, Scientific American
By: Melissa Hathaway
President Barack Obama's talk about the need for a "smart grid" sounds smart, writes Melissa Hathaway. "What's not to like about the idea of an electricity grid that can work at top efficiency?" It would "vastly improve the reliability, availability and efficiency of the electric system." However, she argues, "as currently envisaged...it's a dangerously dumb idea. The problem is cybersecurity."
June 10, 2010
Analysis & Opinions, GovInfoSecurity.com
By: Melissa Hathaway
Melissa Hathaway writes that the key tenet of cloud computing is availability. But where are the other cornerstones of information security: integrity and confidentiality? She suggests five key questions CIOs and CISOs should ask.
May 29, 2010
Analysis & opinions, The Washington Post
By: Melissa Hathaway and Jack L. Goldsmith
"There is widespread agreement that this long-term trend of grabbing the economic gains from information technology advances and ignoring their security costs has reached a crisis point," write Melissa Hathaway and Jack Goldsmith. "As we progress digitally, we must also adopt and embed sometimes-costly security solutions into our core infrastructures and enterprises and stop playing the game of chance."
May 17, 2010
Presentation
By: Melissa Hathaway, Senior Advisor Belfer Center
In this briefing, Melissa Hathaway provides an analysis of more than 40 pieces of legislation that are being debated in the 111th Congress.
May 7, 2010
Analysis & Opinions
By: Melissa Hathaway
"Our most important resource right now is time. Targeted attacks on industry are increasing and our defensive posture remains weak. While a sense of urgency is rising, I am afraid that we will see more partnerships emerge rather than consolidated efforts and investments across executive branch agencies or industry verticals. We cannot afford to wait and see who will lead and who will follow."
December 21, 2009
Analysis & Opinions
By: Melissa Hathaway
"While many understand the opportunities created through this shared global infrastructure, known as cyberspace, few Americans understand the threats presented in cyberspace, which regularly arise at individual, organizational and state (or societal) levels. And these are not small threats: a paper presented earlier this year at the World Economic Forum in Davos Switzerland estimated the total losses associated with cybercrime in 2008 exceeded one trillion dollars and the FBI has declared cybercrime to be its highest criminal priority."
November 25, 2009
Analysis & Opinions, The Washington Times
By: Melissa Hathaway
"In a time where we discuss and debate border protection from in-bound missiles or illegal immigrants, we fail to address the stark reality of the threat that transgresses our borders daily. This threat is present in the Internet...."
October 2009
Discussion Paper
By: Melissa Hathaway
The internet is an interconnected series of networks--where it is difficult to determine where private security threats end and public ones begin. These networks deliver power and water to our households and businesses, enable us to access our bank accounts from almost any city in the world, and transform the way our doctors provide healthcare. For all of these reasons, we need a safe Internet with a strong network infrastructure.
Fall 2008
Journal Article, Intelligencer
By: Melissa Hathaway, Senior Advisor to the Director of National Intelligence and Cyber Coordination Executive
"It is no longer sufficient for the U.S. government to discover cyber intrusions in its networks, clean up the damage, and take legal or political steps to deter further intrusions. The U.S. must take action to protect the critical components upon which our economy, government, and national security are based from potential exploitation, disruption or destruction."