A national commission charged with recommending actionable steps for the near and long-term to strengthen the nation’s cyber security is being advised that cyber security must be a priority for the next presidential administration, the executive director for the Commission on Enhancing National Cybersecurity said on Tuesday.
“The new president needs to come in on day one and say, ‘This is a priority and I’m holding the cabinet that I have to be responsible for this issue and figuring out how to do that and what is the infrastructure that can be established within government to do so,’” Kiersten Todt told attendees at a cyber security conference hosted by the United States Chamber of Commerce.
Todt was selected in March by Commerce Secretary Penny Pritzker to be the executive director of the cyber commission, which was created by President Barak Obama earlier this year to recommend “bold” steps for government, the private sector and the nation at large to bolster cyber security. The commission is chaired by Tom Donilon, former National Security Adviser to Obama, and its vice-chairman is Sam Palmisano, former CEO of IBM [IBM].
The commission’s report is due on Dec. 1.
The recommendations will include successful practices and new ideas, Todt said. She added that these ideas “will move the needle and create the cultural shift” to strengthen national cyber security and “serve as a roadmap for cyber security for the new administration.”
The second big issue being raised by respondents to the commission’s request for information is “defensible cyber architecture,” Todt said. The commission is hearing about the “joint planning that needs to happen” between the private and public sectors before a cyber event ever occurs to improve preparation and resilience and so that responses are “pre-planned,” she said.
The next issue is that cyber security is a core mission for both government and the private sector and yet is often viewed as a competing priority for resources and finances, Todt said. Cyber security has to be integrated as a core mission of an organization and this is being explored by the commission as it relates to government, particularly with regard to short-term budget cycles and long-term planning needs, she said.
Another issue for agencies is how to align the issues of “authorities, capabilities and responsibility,” Todt said. Agencies typically have one or two of these, she said, and the challenge with authorities is they have too many and they aren’t aligned with the necessary resources and capabilities.
Another area the commission is looking at is research and development and a key issue here is long-term solutions, Todt said. The commission is looking at how it combines the technology talent and expertise in Silicon Valley with the policy and intelligence communities around Washington, D.C., and “how do we do it in a living lab type way that truly puts forth solutions that don’t only address what needs to happen in the private sector today but really looks at the long-term solutions to create that cultural shift.”
Todt said that infrastructure and related planning usually looks at short-term solutions yet advancing cyber security means tackling long-term solutions.