The Commission on Enhancing National Cybersecurity, the nonpartisan group charged by President Barack Obama with developing recommendations for securing and growing the digital economy via cybersecurity measures, issued its final report in early December.
The Commission identified six imperatives for enhancing cybersecurity that the current administration – as well as the incoming one – should embrace and take action on.
“Successful implementation of our recommendations will require significant commitment from both the public and private sectors and extensive cooperation and collaboration between the two,” the report states. “Indeed, enhancing the state of national cybersecurity will require the coordinated effort of a wide range of organizations and individuals.”
The report notes that technological advancement “is outpacing security and will continue to do so unless we change how we approach and implement cybersecurity strategies and practices.”
The commission submitted the following “six major imperatives,” which together contain 16 recommendations and 53 associated action items.
The imperatives are:
- Protect, defend and secure today’s information infrastructure and digital networks.
- Innovate and accelerate investment for the security and growth of digital networks and the digital economy.
- Prepare consumers to thrive in a digital age.
- Build cybersecurity workforce capabilities.
- Better equip government to function effectively and securely in the digital age.
- Ensure an open, fair, competitive and secure global digital economy.
As to building cybersecurity capabilities in the workforce, the report recommends, for instance, that the U.S. proactively address “workforce gaps through capacity building, while simultaneously investing in innovations—such as automation, machine learning, and artificial intelligence—that will redistribute the future required workforce.”
The report encourages the next president “to initiate a national cybersecurity workforce program to train 100,000 new cybersecurity practitioners by 2020.”
Another action item for the next president: Within the first 100 days of the new administration, the White House should convene a summit of business, education, consumer, and government leaders at all levels to plan for the launch of a new national cybersecurity awareness and engagement campaign.
The report also advises regulatory agencies “to harmonize existing and future regulations” with the Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework, which was called for by an Obama executive order, “to focus on risk management—reducing industry’s cost of complying with prescriptive or conflicting regulations that may not aid cybersecurity and may unintentionally discourage rather than incentivize innovation.”