On December 1, 2016, the Commission on Enhancing National Cybersecurity released its Report on Securing and Growing the Digital Economy. In its Report, the Commission, established in February 2016 by President Obama, provided detailed short- and long-term recommendations to strengthen cybersecurity in the public and private sectors. The Commission took a multi-stakeholder approach, emphasizing the need for broad public-private cooperation, defined consumer rights and responsibilities, and international streamlining efforts. The Report focused on eight cybersecurity topics identified in the Commission’s charging Executive Order: federal governance, critical infrastructure, cybersecurity research and development, cybersecurity workforce, identity management and authentication, Internet of Things, public awareness and education, and state and local government cybersecurity. It additionally addressed insurance and international issues.
After studying these eight critical areas, the Commission articulated ten foundational principles that shaped its recommendations in the Report. These principles focused on the growth in size and density of Internet-connected systems, United States and federal government leadership in cybersecurity innovation, private-public collaboration, clear definitions of authority and accountability, consumer education, user-friendly cybersecurity products, privacy and trust development, the unique needs and constraints of small businesses, and designing incentives for innovation.
The Report then enumerated myriad imperatives, recommendations, and action items for the current and next Presidential administrations to develop robust cybersecurity in the nation.
Imperative 1: Protect, Defend, and Secure Today’s Information Infrastructure and Digital Networks
The Commission’s recommendations to achieve this imperative focus on broad public-private partnerships. It called on the private sector and the Presidential Administration to collaborate on a roadmap for improving cybersecurity, develop and implement a new model for defending and securing network infrastructure, and increase use of strong authentication to improve identity management. It also called on the next Administration to sustain and increase use of the NIST Cybersecurity Framework, and develop concrete efforts to support and strengthen the cybersecurity of small and medium-sized businesses.
Imperative 2: Innovate and Accelerate Investment for the Security and Growth of Digital Networks and the Digital Economy
To support this imperative, the Commission recommended the federal government and private sector work together to rapidly and purposefully improve the security of the Internet of Things, and asked the federal government to make the development of usable, affordable, inherently secure, defensible, and resilient systems its top priority for cybersecurity research and development.
Imperative 3: Prepare Consumers to Thrive in a Digital Age
In order to enable consumers to securely participate in the proliferation of Internet-connected devices, the Commission recommended business leaders in information technology and communications sectors work with consumer organizations and the FTC to provide consumers better information so they can make informed decisions when purchasing and using connected products and services. The Commission also called on the federal government to develop research programs to improve the cybersecurity and usability of consumer products and digital technologies, by studying human behaviors with respect to connected technologies.
Imperative 4: Build Cybersecurity Workforce Capabilities
The Commission recommended that the nation proactively address workforce gaps in the cybersecurity field through capacity building and investment in innovations, such as automation, machine learning, and artificial intelligence. To that end, it suggested the next President initiate various workforce programs designed to spur education and careers in cybersecurity.
Imperative 5: Better Equip Government to Function Effectively and Securely in the Digital Age
To serve this imperative, the Commission recommended the federal government consolidate its basic network operations, the President and Congress promote a faster pace of technology adoption in the federal sector, and federal agencies move from cybersecurity requirements management to enterprise risk management. It also recommended the federal government better match cybersecurity responsibilities with the structure of and positions in the Executive Office of the President, and government at all levels clarify its cybersecurity mission responsibilities across departments and agencies.
Imperative 6: Ensure an Open, Fair, Competitive, and Secure Global Digital Economy
The Commission recommended the Administration coordinate with the international community to create and harmonize cybersecurity policies and practices, and institute common international agreements on cybersecurity law and norms. To achieve this objective, the Commission recommended creating an Ambassador-level cybersecurity position, extending the NIST Cybersecurity Framework to the international market, and assisting countries with cybersecurity capacity building.