The next president should deal with the growing cybersecurity threat by creating a new White House cybersecurity office and National Security Council directorate, commission says.
The upcoming Obama administration should establish a new office in the
White House to manage cybersecurity, a commission comprised of a
wide-range of experts and two lawmakers said today.
The Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency recommended that a new office in the Executive Office of the President -– which would be named the National Office for Cyberspace. NOC would work with a new cybersecurity directorate, which would be part of the National Security Council (NSC), to develop and manage a comprehensive national security strategy for cyber space, the commission recommended.
A new assistant to the president would direct NOC, which could be established by merging the existing National Center for Cybersecurity and the Joint Interagency Cyber Task Force, the commission recommended.
“Cyberspace is now a major national security issue,” wrote the panel, whose co-chairmen include Reps. Jim Langevin (D-R.I.) and Michael McCaul (R-Texas). “The United States should treat it as such, following the precedent” of weapons of mass destruction and nonproliferation. Langevin and McCaul are chairman and ranking member, respectively, of the Homeland Security Committee's Emerging Threats, Cybersecurity, and Science and Technology Subcommittee.
The new strategy should include diplomatic, intelligence, military, economic and law enforcement efforts the report states.
In its final report, the CSIS panel said that although the nature of cybersecurity means the ultimate authority should be bumped up to the Executive Office of the President, agencies should be responsible for their operational activities. For example, the Homeland Security Department would maintain its network and intrusion monitoring responsibilities, and the Office of Management and Budget would retain oversight of the budget functions in coordination with the new office and NSC.
In addition, the group urged President-elect Barack Obama to work with Congress to rewrite the Federal Information Security Management Act to use performance-based measurements of security. He should also propose legislation that eliminates the legal distinction between the technical standards for national security systems and civilian agency systems. The group said FISMA encourages document reviews rather than network security improvements.
The panel’s final report also recommends creating a presidential advisory committee and organizations to improve collaboration and bolstering public/private partnerships.
“America’s power, status and security in the world depend in good measure upon its economic strength; our lack of cybersecurity is steadily eroding this advantage,” the panel wrote.
The panel said the existing multiyear, multibillion-dollar Comprehensive National Cybersecurity Initiative should not be discarded, but it was insufficient.
“The next administration should not start over; it should adopt the initial efforts of the Initiative, but it should not consider it adequate,” the report states.
The commission emphasized the need to bolster identity management and update laws. It added that security should be part of the acquisition process. The report states that “laws for cyberspace are decades old, written for the technologies of a less-connected era. Working with Congress, the next administration should update these laws.”
The commission urged the next administration to enforce the requirements for secure interoperable identification cards required by Homeland Security Presidential Directive 12. It urged the new administration to restrict bonuses or awards at agencies that do not fully comply with those requirements.
“Finding ways to take better advantage of cyberspace will help give the United States a competitive edge in a world where we are currently running behind our competitors," the report concluded.
NEXT STORY: FCW Insider: Buzzing about DOD and malware