New commission will advise next president on cybersecurity

Reps. Jim Langevin (D-R.I.) and Mike McCaul (R-Texas), chairman and ranking member of the committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, respectively, will be co-chairmen of the commission. Scott Charney, vice president of Microsoft’s Trustworthy Computing Group, and retired Navy Adm. Bobby Inman, a professor at the University of Texas at Austin who holds the Lyndon B. Johnson Centennial Chair in national policy, will  be co-chairmen representing industry. CSIS is the commission's sponsor and asked Langevin and McCaul to be co-chairmen.“We recognized from several hearings and investigative work the staff has done and other meetings that we have had that there are some real cybersecurity concerns in the government and in the private sector,” he said. “We need to be far better protected and prepared and understand the scope of the problem to establish a blueprint for how to better protect ourselves in the future. We thought no better time than now.” The commission will hold five meetings in the next year to identify recommendations for the next administration, Langevin said. It will have about 35 members, including former federal officials,  private-sector experts, and representatives from industry and government, such as Mike Assante, infrastructure protection manager at the Idaho National Laboratory. “I expect the recommendations to be very specific things as well as big-picture issues to provide a blueprint to secure our networks,” Langevin said. “We will make recommendations about when things can be left to the private sector and what incentives may be needed. We also will make recommendations to when the government should step in through legislation or regulation and require the private sector to make needed cybersecurity upgrades.” He added that it may be similar to the way the Nuclear Regulatory Commission steps in to regulate the nuclear power industry. During its upcoming meetings, the commission will set an agenda, study existing cybersecurity policies, examine federal organizations, look at the government's authorities, and identify necessary incentives, legislation or policy initiatives. At the final session, the group will make recommendations. “One thing that will come out of these recommendations will be for the public and private sectors to do the basics, such as putting firewalls in place or intrusion-detection mechanisms,” Langevin said. The Office of Management and Budget or the Senate likely will not have a role in the commission, he said. The commission will consider briefing the eventual presidential candidates from each party when the time is appropriate, he added. “I’m proud to help lead the commission as co-chairman,” Langevin said. “I expect the recommendations will be a solid document that we can rely on to better secure our networks.”