Presidential Cybersecurity Commission Makes Some Good Suggestions

December 6, 2016/Frederick Scholl/, ,

President Obama’s Commission on Enhancing National Cybersecurity issued its report on December 1, and I thought it had some good recommendations.  I was expecting a long list of regulatory requirements but did not find those.  Now we have to wait to see if the incoming President chooses to follow the recommendations.

The report contents were divided into six imperatives and 16 recommendations.  The recommendations were backed up with action items.  The major recurring idea in the report was that of public-private partnerships.  Another one was the use of incentives to encourage the adoption of good cybersecurity programs.  There were many specific steps that the group documented.

Here are some of the high points that caught my attention:

  • Creation of a National Cybersecurity Private-Public Program (NCP3) to address the collaboration of public and private sectors in cyber defense.  This is needed, since we don’t have a template to use in the event of a major incident.
  • Strong authentication:   government services should offer strong authentication to citizens; agencies should require strong authentication by employees and contractors; the government should determine how it can provide identity proofing for all.
  • The NIST Cyber Security Framework (CSF) gets prime billing.  Recommendations are that it should be required in government agencies, promoted in the private sector and promoted internationally.
  • Incentives should be provided for companies that follow good cyber risk management principles.
  • Significant focus on helping SMB markets.
  • Recommendation to increase funding for cybersecurity in civilian federal agencies by $4 billion over 10 years.
  • Development of a cybersecurity nutritional label to help educate consumers.
  • Workforce improvement:  100,000 new cybersecurity practitioners by 2020; 50,000 new apprentice level practitioners by 2020.
  • Mandatory training program for managers and executives.
  • Move federal agencies from security requirements management to enterprise risk management.

The whole report is worth reading and can be found here.

Posted in
Tags: , ,

Frederick Scholl

Frederick Scholl is an accomplished Global Senior Information Security Risk Manager. Dr. Scholl earned a BS and Ph.D. in Electrical Engineering from Cornell University. In 1991, Fred founded Monarch Information Networks, LLC to enable forward-thinking organizations to protect their information. Previously, he co-founded Codenoll Technology Corporation (NASDAQ: CODN). He chaired the IEEE committee that wrote the first standard for Ethernet communication over fiber optic links, now used world-wide.

Book an Appointment for Cybersecurity Issues

Request an appointment with Dr. Fred Scholl. We will discuss any cybersecurity issues you have.

Book an Appointment

More Good Reading

Healthcare: Time to Review Your Cybersecurity Plan

Cybersecurity Thrives in An Organizational Context

The First National Cybersecurity Summit

New Privacy Laws Require Security Professionals Up Their Game

Cybersecurity Workforce Development: Real or Imagined Problem?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58