Obama establishes privacy council, cyber commission

President Barack Obama has signed executive orders establishing a Federal Privacy Council and a national commission on cybersecurity. In doing so, he kicked off his final year of cyber policymaking without waiting for Congress to respond to his over $19 billion request for cybersecurity funding for fiscal 2017.

The interagency privacy council is Obama's latest effort to restore public trust after former National Security Agency contractor Edward Snowden disclosed far-reaching NSA surveillance programs. The administration advocated for privacy protections in the data-sharing bill that Obama signed into law in December, but the final product disappointed privacy groups, which claim that the measure expands surveillance.

Perhaps with those critics in mind, Obama's executive order calls on the Office of Management and Budget to issue a revised policy within 120 days on the role of agencies' senior privacy officials, including their responsibilities and required level of expertise.

Effective governance requires the public's trust, the executive order states, adding, "Privacy has been at the heart of our democracy from its inception, and we need it now more than ever." The directive also seeks to improve training for privacy-focused officials and streamline duplicative efforts across government.

The council will be led by OMB's deputy director for management and is meant to be the principal forum for driving adoption of best practices in privacy. All the major federal agencies will have seats at the table, including the Defense Department and the Office of the Director of National Intelligence. The council will also coordinate with the CIO Council to promote consistency across the executive branch, the directive states.

Steven Aftergood, director of the Federation of American Scientists' Project on Government Secrecy, said the executive order seemed like "weak tea." Its focus on improving coordination and best practices is a necessary step, "but it stops short of defining a performance goal that agencies should strive to achieve," Aftergood told FCW.

A commission for the future

The Commerce Department will house the new Commission on Enhancing National Cybersecurity, which will consist of as many as 12 presidential appointees. Members of the commission could include experts on issues such as identity management, social media and Internet governance, according to the executive order establishing the commission.

It will focus on the medium to long term and make recommendations to strengthen cybersecurity in the public and private sectors over the next decade. Obama wants recommendations in the following areas: identity management for data protection, cybersecurity of the Internet of Things, investments in cybersecurity research and development, training the federal workforce and educating the public.

The commission will also develop an IT governance model for cybersecurity risk by creating frameworks for identifying which IT services agencies should develop internally and ensuring that cybersecurity is part of system upgrades.

The commission's recommendations are due to the president by Dec. 1 and will be made public.

The executive orders were issued the same day the White House announced the creation of a federal chief information security officer position to work with military and civilian officials across government.