Cybersecurity Recommendations

The Center for a New American Security released a two-volume report today on cybersecurity entitled "America's Cyber Future: Security and Prosperity in the Information Age." In the acknowledgments, the authors thank the "more than 200 people who generously contributed their time and expertise to the project." The report has numerous chapters and was written by 21 people drawn from the private sector, academia and think tanks.

The report offers numerous recommendations. Among them:

  • Adopt a comprehensive strategy for a safe and secure cyberspace.
  • Forge an international agenda for cybersecurity.
  • Establish a U.S. declaratory policy on cybersecurity.
  • Raise costs for cyber attackers.
  • Prepare for the future of the Internet.
  • Build the institutional capacity necessary to coordinate U.S. government responsibilities in cyberspace.
  • Enhance oversight of U.S. government cybersecurity activities.
  • Protect the nation's most critical infrastructure.
  • Harness the private sector's innovative power for cybersecurity.

Few of the ideas contained in the recommendations are new and many, if not all of them, have been discussed and included in some form in various legislative and administrative proposals that have been circulating. Some, such as the focus on international efforts, were addressed a couple of weeks ago by the administration in its international strategy and in its hiring of Chris Painter as the State Department cybersecurity coordinator.

The report does provide a helpful roadmap to many of the more discussed ideas, including references and support for them. In the 13 chapters contained in Volume II, the report also provides some insightful and thoughtful pieces by individuals focused on various aspects of cybersecurity -- from cyberwar to governance to privacy and architectural issues.

The report, which can be found here, is definitely worth reading to get an overview of many of the cyber discussions taking place around D.C. and among policymakers for the last several years.

Going forward, the U.S. needs action on many of the issues identified in the report, as well as solid operational and tactical plans to successfully protect our cybernetworks and plan for future cyber incidents.