If the reports about Hathaway becoming Obama's cybersecurity chief are correct, she will have "pretty strong leverage" to influence policy and bring together various government entities as part of the CNCI, Yoran said. Her immediate assignment to that has been done thus far as part of the initiative and other cybersecurity programs is a good idea, he added.

"Just because she has been managing it doesn't mean the direction she has taken shouldn't be reviewed," he said. The review is especially needed, according to Yoran, because much of the work that has gone on under the CNCI has been classified. "I wouldn't be surprised if there weren't some adjustments to the current portfolio that need to be made," he said, while noting that he also thinks "a lot of the activities that are under way" likely are aligned with national cybersecurity objectives.

Tom Kellermann, another member of the CSIS commission, also expressed satisfaction about Hathaway's involvement in the review and the possibility that she will take the lead on cybersecurity issues afterwards. He said that Hathaway has a keen understanding of the international nature and scope of the cybersecurity problem and the nexus that exists between cybercriminals and unfriendly governments.

Kellermann, who is vice president of security awareness at Core Security Technologies, a Boston-based vendor of security testing tools, added that he hopes the cybersecurity job eventually will be elevated "to a higher level" -- that of a special adviser who would report directly to Obama.

John Pescatore, an analyst at Gartner Inc., agreed that Hathaway's choice to lead the cybersecurity review is a good one but said that her previous work on the CNCI could be somewhat problematic. While the initiative has some good points, the effort is well behind private-sector norms in dealing with issues such as intrusion prevention and detection, Pescatore said.