Commission: Trump admin needs to prioritize cybersecurity

Days after releasing its 100-page report on securing and growing the digital economy, the National Commission on Enhancing National Cybersecurity is looking at how to bring its recommendations to life.

The report, commissioned by President Barack Obama eight months ago as part of a $19 billion cybersecurity plan, consists of 16 recommendations and 53 specific short, medium and long-term action items to implement the recommendations. But the commission's executive director said the most important first step for President-elect Donald Trump is to simply make cybersecurity a clear priority.

"The president-elect needs to come in and say to his cabinet and his senior officials, 'this is a key issue for which you are all responsible,'" Kiersten Todt said at a New America Foundation cybersecurity event.

She said the landscape has changed from the transition eight years ago, when cybersecurity was still viewed as a siloed IT concern or a tangential issue. "It's critical to the core mission of every agency regardless of what the agency does," she said. "And that education, and that information up front is key to what this next administration needs to be looking at."

Todt said the incoming administration also has to look at how to develop policies that foster the growth of innovation while recognizing the risks that come with new technologies.

"Right now when we're looking at the future of the [internet of things] and connected devices, this is where we're going to see a lot of challenges and a lot of vulnerabilities, and that is critical to looking at how we structure and make resilient infrastructure as well as our private sector," she said.

Co-panelist Timothy Blute, program director for Homeland Security and Public Safety with the National Governors Association, added that going forward, cybersecurity must be a whole of government effort.

"Cybersecurity cannot just be managed from Washington or from Trenton, or from Albany or Sacramento," he said. "It has to be managed in every city and every state capital and in Washington, D.C."

Blute said that one of the positives of the report is the emphasis on the role of state and local government in cybersecurity going forward.

Todt stressed that from the outset, the non-partisan commission focused on implementation rather than simply generating another report, and that the Dec. 1 deadline to deliver the report to the White House was not so much a finish line, but a starting point.

"These [recommendations] in a report do nothing, they have to be executed out in the real world, and the first step is hopefully having the opportunity to be able to brief the Trump administration."

She said that she and commission Director Thomas Donilon briefed the president on Dec. 2, and that the next step in the process is for the current administration to reach out to the president-elect to set up briefings.

"The report is the report, but the opportunity to brief would allow for greater context around why these recommendations were chosen, what was put in, what wasn't and why," she said.

Todt said she hopes this report allows the new administration to "hit the ground running as quickly as possible," on cyber, but at the same time, it's not all up to the new administration.

"Some of these recommendations, particularly those that are looking at industry will be executed by the commissioners in their own entities, in their own businesses," said Todt. "That's the true kind of put your money where your mouth is because it is saying 'not only did we propose this, but…we believe in it that we're going to be executing it.'"