President's Commission on Cybersecurity releases final report

President's Commission on Cybersecurity releases final report
© Getty Images

The President's Commission on Enhancing National Cybersecurity released its final report Friday evening, meant as a transition guide to help the upcoming Donald TrumpDonald John TrumpSarah Huckabee Sanders becomes Fox News contributor The US-Iranian scuffle over a ship is a sideshow to events in the Gulf South Korea: US, North Korea to resume nuclear talks 'soon' MORE administration hit the ground running. 

The Commission, created by executive order in February and kept under the auspices of Commerce's National Institute of Standards and Technology, was tasked with defining and offering possible solutions for cybersecurity in the years to come. It was composed of 12 experts with a range of experience, from National Security Agency head Gen. Keith Alexander to executives from companies like MasterCard and IBM.

"[W]e have the opportunity to change the balance further in our favor in cyberspace – but only if we take additional bold action to do so," said President Obama in a statement upon the report's release. "My Administration has made considerable progress in this regard over the last eight years.  Now it is time for the next Administration to take up this charge."
The boldest recommendations in the report include an "Ambassador for Cybersecurity" at the State Department and consolidating infrastructure protection under a single agency. 

Many of the solutions offered in the report are ideas that will not spur much partisan controversy. Commissioners aimed for a document usable by whichever presidential candidate would win, or, said one commissioner, whichever government might want to adopt the recommendations.

"The US really has a leadership position in IT. We were keenly aware have an influence outside the US. We hope the ideas will be adopted worldwide," said Commissioner and Vice President of Microsoft Research Peter Lee.

The report is the fruit of public meetings across the country and a broad call for public comment. The finished product distilled comments and expertise into six areas: protecting information infrastructure and digital networks; innovation; preparing consumers; growing the cybersecurity workforce; securing government; and safeguarding the digital economy.

Commissioners emphasized the role of the private sector, both in terms of public-private partnerships and developing malleable standards like a voluntary security "nutrition label" that companies could use to reassure customers. 

"One issue that we debated was market forces versus rules and regulations. After a lot of analysis and debate, we consistently went with incentives," said Lee. 

It also advocates all federal agencies follow the NIST Cybersecurity Framework, a set of flexible cybersecurity guidelines popularly - and voluntarily - followed in the private sector. 

Outside experts believe the recommendations have a chance of sticking with the next administration. 

“They will do things that are in here. Will they have the same tone? Will they say these are Obama's ideas? Absolutely not. But there are ideas that will get done in some form," said Ari Schwartz, Managing Director of Cybersecurity Services at the law firm Venable, and a former Special Assistant to the President and Senior Director for Cybersecurity in the Obama National Security Council. 

“It’s a gift from this president to the next president," he continued. "Here are some ideas, use them if you’d like, if you don’t want to use them, that’s on me."