Presidential cybersecurity commission gets a director

A private-sector security evangelist will be writing the cyber report President Barack Obama requested by the end of the year.

Kiersten Todt has been appointed executive director of the Commission on Enhancing National Cybersecurity, the Commerce Department announced.

Todt comes to government from Liberty Group Ventures, where she worked as president to craft diverse risk management solutions. Her appointment comes more than a month after the creation of the commission and the appointment of the commission's leaders, former National Security Adviser Tom Donilon and former IBM CEO Sam Palmisano. She also has government experience, as a former staffer on the Senate Homeland Security and Government Affairs Committee, and worked on the legislation that stood up the Department of Homeland Security.

Todt will have her hands full.

Speaking to the National Institute of Standards and Technology's Information Security and Privacy Advisory Board on March 23, Todt was bullish on the commission's potential to produce a valuable, actionable report by the Dec. 1 deadline, despite the fact that the commission is lacking 10 members and is tasked with an enormous range of problems. Focusing the scope of the commission's work will be a major initial effort, she said.

She pledged that the commission should have its full complement of members within the next few weeks, barring any hiccups. Four of the commissioners will be nominated by Congress, she noted.

The commissioners will spend the year gathering input from stakeholders and piecing together a report, though Todt herself will be the one who has to put pen to paper for the final draft, she said.

"This is not going to be a technical document," Todt pledged.

While plenty of technical endnotes will flesh out the report, Todt said, the primary focus will likely be on readability, influencing human behavior and offering an actionable mix of short- and long-term recommendations.

"I would have thought at some level the problem is fundamentally technical," countered Google's Dr. Peter Weinberger, who chairs ISPAB. "I don't think you're going to be able to fix the problem without dealing directly with the technology."

Todt acknowledged the centrality of technology, but noted the crucial role culture plays in both business and government decision-making. Leaders need to internalize smart risk management approaches to deploying technology, and promote resiliency in case of the almost-inevitable breach.

The end goal of the presidential commission is to produce a "dynamic, non-partisan, non-political document," Todt said. "The hope is that…this doesn't just produce an end-of-a-term report that gets put on the shelf, this is intended to be active for this administration as well as hopefully for the future."

She added that while Dec. 1 is fast approaching, the looming deadline could actually help force the commission to buckle down and produce a focused, useful document.

Weinberger warned against merely repackaging the best-practice recommendations that have long bounced around the cybersecurity echo chamber without making inroads into popular consciousness.

"It's hard to see how generally acceptable recommendations from this commission will keep us from falling farther behind," Weinberger said.

"You will be surprised," Todt said, again promising a useful report. "Pleasantly."