In February, President Obama created a nonpartisan Commission on Enhancing National Cybersecurity, charging it with assessing the current state of cybersecurity and recommending bold, actionable steps that the government, private sector, and the nation as a whole can take to bolster cybersecurity in today’s digital world.
Last week, the Commission issued its report focusing on six key imperatives that range from moving beyond reliance on standard passwords and securing the Internet of Things to increasing consumer awareness, expanding the pool of cybersecurity professionals, and establishing international norms for cybersecurity.
Below is a summary of these recommendations along with excerpts from the report.
#1: Protect, Defend, and Secure Today’s Information Infrastructure and Digital Networks
Here the Commission calls for government-private sector collaboration on
a roadmap for improving the security of digital networks, in particular by achieving robustness against denial-of-service, spoofing, and other attacks on users and the nation’s network infrastructure.
A key point is moving beyond passwords by “increasing the use of strong authentication to improve identity management.”
#2: Innovate and Accelerate Investment for the Security and Growth of Digital Networks and the Digital Economy
The report calls for a public-private partnership to work “rapidly and purposefully to improve the security of the Internet of Things (IoT).” One recommendation is to establish best-practice standards for IoT devices that render them unusable until default usernames/passwords are changed.
#3: Prepare Consumers to Thrive in a Digital Age
The report recommended that business leaders in the information technology and communications sectors work with consumer organizations and the Federal Trade Commission (FTC) to provide consumers with better information so that they can make informed decisions when purchasing and using connected products and services.
Some of the more interesting recommendations include:
- creating the equivalent of a cybersecurity “nutritional label” for technology products and services to improve consumer purchasing decisions; and
- convening a summit of stakeholders to launch a “new national cybersecurity awareness and engagement campaign” within its first 100 days.
It also called for the FTC to
convene consumer organizations and industry stakeholders in an initiative to develop a standard template for documents that inform consumers of their cybersecurity roles and responsibilities as citizens in the digital economy—along with a “Consumer’s Bill of Rights and Responsibilities for the Digital Age.”
#4: Build Cybersecurity Workforce Capabilities
The report calls on the next President to use training boot camps, apprentice programs and other means to train 100,000 new cybersecurity practitioners by 2020. For example, the White House has sponsored cybersecurity competitions.
The federal government also can lead by example, by developing mandatory training programs to introduce managers and executives to cybersecurity risk management topics—even if their role is not focused on a cybersecurity mission area—so that they can create a culture of cybersecurity in their organizations.
#5: Better Equip Government to Function Effectively and Securely in the Digital Age
The report calls for consolidation of networks to be administered by a new cybersecurity and infrastructure protection agency:
The Administration should establish a program to consolidate all civilian agencies’ network connections (as well as those of appropriate government contractors) into a single consolidated network. This program and the consolidated network should be administered by the newly established cybersecurity and infrastructure protection agency.
In addition, it calls for the acceleration of the pace at which technology is refreshed within the federal sector to minimize security vulnerabilities.
It also called for the new President to appoint and empower an Assistant to the President for Cybersecurity, reporting through the National Security Advisor, to lead national cybersecurity policy and coordinate implementation of cyber protection programs.
#6: Ensure an Open, Fair, Competitive, and Secure Global Digital Economy
The report explains
Today, the international digital economy lacks the coherent systems necessary to effectively address cross-border malicious cyber activity. The varied individual country technology requirements, assessment regimes, and cybersecurity policies fragment markets and force companies to devote resources to multiple compliance regimes rather than to innovation. The lack of global norms and standards forces industry to select markets where they can meet national requirements, avoiding or abandoning others. The lack of structure adds to disparities that can degrade national cybersecurity capabilities. The void in technical, policy, and legal conventions hampers information sharing and interoperability. Moreover, it creates an opening for criminals to launch attacks and conduct other malicious cyber activity.
The report recommends working with the international community
in creating and harmonizing cybersecurity policies and practices and common international agreements on cybersecurity law and global norms of behavior.
It also calls for the new President to promptly appoint an Ambassador for Cybersecurity to lead U.S. engagement with the international community on cybersecurity strategies, standards, and practices.