Group urges White House to lead on cybersecurity
The next president should deal with the growing cybersecurity threat by creating a new White House cybersecurity office and National Security Council directorate, commission says.
The upcoming Obama administration should establish a new office in the
White House to manage cybersecurity, a commission comprised of a
wide-range of experts and two lawmakers said today.
The Center
for Strategic and International Studies (CSIS) Commission on
Cybersecurity for the 44th Presidency recommended that a new office in
the Executive Office of the President -– which would be named the
National Office for Cyberspace. NOC would work with a new cybersecurity
directorate, which would be part of the National Security Council
(NSC), to develop and manage a comprehensive national security strategy
for cyber space, the commission recommended.
A new assistant to
the president would direct NOC, which could be established by merging
the existing National Center for Cybersecurity and the Joint
Interagency Cyber Task Force, the commission recommended.
“Cyberspace
is now a major national security issue,” wrote the panel, whose
co-chairmen include Reps. Jim Langevin (D-R.I.) and Michael McCaul
(R-Texas). “The United States should treat it as such, following the
precedent” of weapons of mass destruction and nonproliferation.
Langevin and McCaul are chairman and ranking member, respectively, of
the Homeland Security Committee's Emerging Threats, Cybersecurity, and
Science and Technology Subcommittee.
The new strategy should include diplomatic, intelligence, military, economic and law enforcement efforts the report states.
In
its final report, the CSIS panel said that although the nature of
cybersecurity means the ultimate authority should be bumped up to the
Executive Office of the President, agencies should be responsible for
their operational activities. For example, the Homeland Security
Department would maintain its network and intrusion monitoring
responsibilities, and the Office of Management and Budget would retain
oversight of the budget functions in coordination with the new office
and NSC.
In addition, the group urged President-elect Barack
Obama to work with Congress to rewrite the Federal Information Security
Management Act to use performance-based measurements of security. He
should also propose legislation that eliminates the legal distinction
between the technical standards for national security systems and
civilian agency systems. The group said FISMA encourages document
reviews rather than network security improvements.
The panel’s
final report also recommends creating a presidential advisory committee
and organizations to improve collaboration and bolstering
public/private partnerships.
“America’s power, status and
security in the world depend in good measure upon its economic
strength; our lack of cybersecurity is steadily eroding this
advantage,” the panel wrote.
The panel said the existing
multiyear, multibillion-dollar Comprehensive National Cybersecurity
Initiative should not be discarded, but it was insufficient.
“The
next administration should not start over; it should adopt the initial
efforts of the Initiative, but it should not consider it adequate,” the
report states.
The commission emphasized the need to bolster
identity management and update laws. It added that security should be
part of the acquisition process. The report states that “laws for
cyberspace are decades old, written for the technologies of a
less-connected era. Working with Congress, the next administration
should update these laws.”
The commission urged the next
administration to enforce the requirements for secure interoperable
identification cards required by Homeland Security Presidential
Directive 12. It urged the new administration to restrict bonuses or
awards at agencies that do not fully comply with those requirements.
“Finding
ways to take better advantage of cyberspace will help give the United
States a competitive edge in a world where we are currently running
behind our competitors," the report concluded.
NEXT STORY: FCW Insider: Buzzing about DOD and malware