Cyber panel closes in on final recommendations

A panel of business, technology and academia leaders is finalizing ideas for how to approach cybersecurity in the next decade.

Photo Credit: Pete Souza, White House photographer.

Tom Donilon, chair of the Commission on Enhancing National Cybersecurity, said the group's upcoming report "is unusual in the breadth of issues" it covers. (Photo by Pete Souza, White House photographer)

The commission charged with developing a plan to secure cyberspace in the next decade will recommend six long- and short-term fixes to the Obama administration by Dec. 1.

The Commission on Enhancing National Cybersecurity was mandated in President Barack Obama's Cybersecurity National Action Plan in February and given a deadline of producing a report and recommendations by Dec. 1.

Executive Director Kiersten Todt said the commission will meet that deadline, but the report won't be released publicly on that date.

"The goal is to present a set of concrete actions" the federal government and private sector can take to enhance the security of federal networks and consumer-oriented efforts in the coming years, said Tom Donilon, commission chair and former national security adviser, during the group's Nov. 21 public meeting.

The commission includes a dozen officials from industry and the federal government. Former IBM CEO Sam Palmisano is vice chair, and other members include retired Gen. Keith Alexander, former director of the National Security Agency and now CEO of IronNet Cybersecurity; Ajay Banga, president and CEO of MasterCard; and Steven Chabinsky, general counsel and chief risk officer at CrowdStrike.

The commission is responsible for recommending bold, actionable steps that the government, private sector and country as a whole could take to bolster cybersecurity in today's digital world. Donilon said the commission's report will focus on a handful of overarching "imperative" areas and key issues such as aligning research and development efforts with future needs, determining how to evolve security in device design and clarifying the intertwined roles of the government and private sector when it comes to cybersecurity.

The report will also address the role of consumers in making the internet more secure and the importance of a trained cybersecurity workforce.

Todt said the report will not be released publicly until Obama provides feedback on the document. The comment period is 45 days, giving him time to weigh in before his successor takes office on Jan. 20, 2017.

After it receives Obama's comments, the commission plans to release the report publicly.

Todt said the report is still being assembled from remarks and presentations from the commission's meetings, and she expects the final 60- to 70-page document to be written in "easily readable" language. "It will outline the big ideas -- some actionable immediately and some in the longer term," she added.

Donilon said the report "is unusual in the breadth of issues" it covers.