A commission tasked with advising President Barack Obama on cybersecurity has released its recommendations for securing the nation's technology, strongly advising the federal government to collaborate more with the private sector.
The Commission on Enhancing National Cybersecurity, established under the White House's Cybersecurity National Action Plan after a large-scale hack on the Office of Personnel Management's background check records, this week briefed Obama on its recommendations and suggestions for short-term fixes; potential action items included requiring that any federal services provided online use "appropriately strong authentication."
Collaborating on cyber efforts across government will maintain cybersecurity as a "top national security priority," Obama said in a statement published late Friday; promoting "international norms of responsible state behavior" helps the rest of the world face evolving cyber threats.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The administration has already taken steps to shore up cyber protection, Obama said in that statement. The CNAP established the first chief information security officer position—filled in September—and has proposed creating a $3.1 billion fund agencies could use to modernize internal IT systems.
The incoming administration should use these recommendations as a guide, and Obama has asked the commission to brief President-elect Donald Trump's transition team, he said in that statement. Obama urged Congress to "act to fully fund the urgent cybersecurity needs that my administration has identified in my 2017 budget and elsewhere," including federal IT systems and building up the cyber workforce. (Trump's plan to shore up federal cybersecurity, released during his campaign for president, outlines general plans to "order a thorough review of our cyber defenses and weaknesses, including all vital infrastructure.")
The commission includes current and former tech executives, including chair and former National Security Adviser Tom Donilon, former National Security Agency Director Gen. Keith Alexander and Uber's Chief Security Officer Joe Sullivan.
Other recommendations for the federal government included working with the private sector on a "roadmap for improving the security of digital networks," protecting them against "denial-of-service, spoofing and other attacks on users and the nation’s network infrastructure.”
The commission also recommended working with consumer groups including the Federal Trade Commission to help consumers make safer purchases. That might require an independent organization to draw up a cybersecurity “nutritional label,” that could be "linked to a rating system of understandable, impartial, third-party assessment that consumers will intuitively trust and understand."
The federal government should also reconsider the organizational structure within the president's executive office, the commission wrote, recommending the president appoint an "assistant to the president for cybersecurity, reporting through the national security advisor, to lead national cybersecurity policy and coordinate implementation of cyber protection programs."