Jump to content

Commission on Enhancing National Cybersecurity

From Wikipedia, the free encyclopedia

The President's Commission on Enhancing National Cybersecurity is a Presidential Commission formed on April 13, 2016, to develop a plan for protecting cyberspace, and America's economic reliance on it.[1][2] The commission released its final report in December 2016. The report made recommendations regarding the intertwining roles of the military, government administration and the private sector in providing cyber security.[3] Chairman Donilon said of the report that its coverage "is unusual in the breadth of issues" with which it deals.[3]

Recommendations

[edit]

The report made sixteen major recommendations with fifty-three specific action items broadly grouped under six areas:[4]

  1. Protecting the information and digital infrastructure
  2. Investing in the secure growth of information and digital infrastructure
  3. Consumer information access
  4. Building the cybersecurity workforce
  5. Building a secure governmental cybersecurity framework
  6. Keeping interconnectivity open, fair, competitive, and secure

The Commission found that strong authentication systems were mandatory for adequate cybersecurity, not just for the government, but for all commercial systems, and private individuals.[5] The commission also stressed remote identity proofing and security for the Internet of things (IoT).[5][6] Finding that technicians who know cybersecurity and can protect systems are few and in short supply, the commission recommended nationally supported training programs to produce an adequate workforce, as well as increasing the level of expertise in the existing workforce.[7][8] The Commission highlighted the importance of partnerships between government and the private sector as a powerful tool for encouraging the technology, policies and practices we need to secure and grow the digital economy. (page 2)[5]

Some[9] criticised the commission's work as lacking an understanding of cybersecurity and not being cognizant of "cyber reality"[10] and the cost of some of the action items, but others found the report constructive and meaningful.[4][7]

Commission members

[edit]

The initial members of the Commission are:

  • Tom Donilon, former Assistant to the President and National Security Advisor (Chair)
  • Sam Palmisano, former CEO of IBM (Vice Chair)
  • General Keith Alexander, CEO of IronNet Cybersecurity, former Director of the National Security Agency and former Commander of U.S. Cyber Command
  • Annie Antón, Professor and Chair of the School of Interactive Computing at Georgia Tech.
  • Ajay Banga, President and CEO of MasterCard
  • Steven Chabinsky, General Counsel and Chief Risk Officer of CrowdStrike
  • Patrick Gallagher, Chancellor of the University of Pittsburgh and former Director of the National Institute of Standards and Technology
  • Peter Lee, Corporate Vice President, Microsoft Research
  • Herbert Lin, Senior Research Scholar for Cyber Policy and Security at the Stanford Center for International Security and Cooperation and Research Fellow at the Hoover Institution
  • Heather Murren, former member of the Financial Crisis Inquiry Commission and co-founder of the Nevada Cancer Institute
  • Joe Sullivan, Chief Security Officer of Uber and former Chief Security Officer of Facebook
  • Maggie Wilderotter, Executive Chairman of Frontier Communications

Follow-on

[edit]

Incoming President Trump has indicated that he wants a full review of U.S. cyber protection policy.[11]

Notes and references

[edit]
  1. ^ "Announcing the President's Commission on Enhancing National Cybersecurity". whitehouse.gov. 13 April 2016. Retrieved 2016-04-14 – via National Archives.
  2. ^ The Commission will make detailed short-term and long-term recommendations to strengthen cybersecurity in both the public and private sectors, while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State, and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices. Executive Order 13718 of February 9, 2016 "Commission on Enhancing National Cybersecurity". Nist. National Institute of Standards and Technology (NIST). 30 May 2016. Archived from the original on 22 November 2016.
  3. ^ a b Rockwell, Mark (21 November 2016). "Cyber panel closes in on final recommendations". Federal Computer Week (FCW). 1105 Media, Inc. Retrieved 22 November 2016.
  4. ^ a b "Commission on Enhancing National Cybersecurity Issues Recommendations". Hunton & Williams’ Global Privacy and Cybersecurity Law. 5 December 2016. Archived from the original on 12 February 2017. Retrieved 12 February 2017.
  5. ^ a b c McDowell, Brett (5 December 2016). "US Commission on Enhancing National Cybersecurity Calls for an End to Password-based Breaches by 2021, Highlights the Importance of FIDO Standards". Fast IDentity Online (FIDO) Alliance. Archived from the original on 30 January 2017.
  6. ^ Wright, Helen (6 February 2017). "Research Implications of the Report from the President's Commission on Enhancing National Cybersecurity". Research News. Computing Community Consortium (CCC). Archived from the original on 12 February 2017.
  7. ^ a b Burgess, Christopher (12 December 2016). "President's Commission on Enhancing National Cybersecurity Recommendations". ClearanceJobs. Archived from the original on 12 February 2017.
  8. ^ Pagliery, Jose (2 December 2016). "Panel to Trump: Train 100,000 hackers". CNN. Archived from the original on 4 December 2016.
  9. ^ For example, the CEO of Errata Security, in his article Graham, Robert (5 December 2016). "The 'Commission on Cyber Security' is absurd". Errata Security. Archived from the original on 22 December 2016.
  10. ^ Among other things, how IoT devices work. Graham 2016
  11. ^ Costello, John (10 November 2016). "Overview of President-Elect Donald Trump's Cyber Policy". Flashpoint. Archived from the original on 22 November 2016.
[edit]