Commission on Enhancing National Cybersecurity

The President's Commission on Enhancing National Cybersecurity is a Presidential Commission formed on April 13, 2016, to develop a plan for protecting cyberspace and America's economic reliance on it. [1] [2] The commission released its final report in December 2016. The report made recommendations regarding the intertwined roles of the military, government administration and the private sector in providing cybersecurity. [3] Chairman Donilon said of the report that its coverage "is unusual in the breadth of issues" with which it deals. [3]

Recommendations

The report made sixteen major recommendations with fifty-three specific action items broadly grouped under six areas: [4]

  1. Protecting the information and digital infrastructure
  2. Investing in the secure growth of information and digital infrastructure
  3. Consumer information access
  4. Building the cybersecurity workforce
  5. Building a secure governmental cybersecurity framework
  6. Keeping interconnectivity open, fair, competitive, and secure

The Commission found that strong authentication systems were mandatory for adequate cybersecurity, not just for the government but for all commercial systems and private individuals. [5] The commission also stressed remote identity proofing and security for the Internet of things (IoT). [5] [6] Finding that technicians who know cybersecurity and can protect systems are in short supply, the commission recommended nationally supported training programs to produce an adequate workforce, as well as raising the level of expertise in the existing workforce. [7] [8] The Commission highlighted the importance of partnerships between government and the private sector as a powerful tool for encouraging the technology, policies and practices needed to secure and grow the digital economy. (page 2) [5]

Some [9] criticised the commission's work as lacking an understanding of cybersecurity and not being cognizant of "cyber reality" [10] and the cost of some of the action items, but others found the report constructive and meaningful. [4] [7]

Commission members

The initial members of the Commission are:

Follow-on

Incoming President Trump has indicated that he wants a full review of U.S. cyber protection policy. [11]

Notes and references

  1. "Announcing the President's Commission on Enhancing National Cybersecurity". whitehouse.gov. 13 April 2016. Retrieved 2016-04-14 via National Archives.
  2. The Commission will make detailed short-term and long-term recommendations to strengthen cybersecurity in both the public and private sectors, while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State, and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices. Executive Order 13718 of February 9, 2016 "Commission on Enhancing National Cybersecurity". NIST. National Institute of Standards and Technology (NIST). 30 May 2016. Archived from the original on 22 November 2016.
  3. Rockwell, Mark (21 November 2016). "Cyber panel closes in on final recommendations". Federal Computer Week (FCW). 1105 Media, Inc. Retrieved 22 November 2016.
  4. "Commission on Enhancing National Cybersecurity Issues Recommendations". Hunton & Williams’ Global Privacy and Cybersecurity Law. 5 December 2016. Archived from the original on 12 February 2017. Retrieved 12 February 2017.
  5. McDowell, Brett (5 December 2016). "US Commission on Enhancing National Cybersecurity Calls for an End to Password-based Breaches by 2021, Highlights the Importance of FIDO Standards". Fast IDentity Online (FIDO) Alliance. Archived from the original on 30 January 2017.
  6. Wright, Helen (6 February 2017). "Research Implications of the Report from the President's Commission on Enhancing National Cybersecurity". Research News. Computing Community Consortium (CCC). Archived from the original on 12 February 2017.
  7. Burgess, Christopher (12 December 2016). "President's Commission on Enhancing National Cybersecurity Recommendations". ClearanceJobs. Archived from the original on 12 February 2017.
  8. Pagliery, Jose (2 December 2016). "Panel to Trump: Train 100,000 hackers". CNN. Archived from the original on 4 December 2016.
  9. For example, the CEO of Errata Security, in his article Graham, Robert (5 December 2016). "The 'Commission on Cyber Security' is absurd". Errata Security. Archived from the original on 22 December 2016.
  10. Among other things, how IoT devices work. Graham 2016
  11. Costello, John (10 November 2016). "Overview of President-Elect Donald Trump's Cyber Policy". Flashpoint. Archived from the original on 22 November 2016.
