A bipartisan think tank is calling on the incoming Obama administration to enact sweeping changes in U.S. cybersecurity policy — a move that aims to close holes in the nation’s and federal government’s Internet infrastructure.
But the changes could also enforce tough new requirements on agencies and U.S. businesses, according to the recommendations from the Washington-based Center for Strategic and International Studies (CSIS).
The group, a nonprofit think tank focusing on security policy, set up a special Commission on Cybersecurity for the 44th Presidency last year to examine the nation’s Internet defense strategies, in the wake of attacks on several U.S. government Web sites — including those of the State, Defense and Commerce departments, and NASA.
Since then, the commission has been working on hammering out recommendations for the next administration. The group is scheduled to present a report of its findings to the public during a press conference later today in Washington.
It’s a critical moment for national cybersecurity, following a renewed round of cyber attacks and data breaches at major U.S. and state government departments, while observers look to see how Obama plans to lay the groundwork in his administration to safeguard against to those threats.
The CSIS committee is hoping that Obama will follow its recommendations in beefing up the nation’s Internet security — suggestions that include creating and reorganizing national cybersecurity offices, new guidelines for agencies and contractors, and the potential for an overhaul of national information security regulations.
The group said its recommendations recognize that cybersecurity is a major national security problem. It also concluded that decisions and actions about cybersecurity must respect privacy and civil liberties, and that only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity can make America more secure.
It’s uncertain how much of the commission’s recommendations are likely to be adopted by the Obama administration. But it’s clear that the suggestions are certain to carry some weight, considering the source.
The commission’s leadership includes U.S. lawmakers like Rep. Jim Langevin (D-RI), chairman of the Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology; as well as corporate representatives like Scott Charney, Microsoft’s (NASDAQ: MSFT) corporate vice president for trustworthy computing. It’s also co-chaired by Harry Raduege, a retired lieutenant general with the U.S. Air Force and chairman of the Deloitte Center for Network Innovation. Raduege also earlier served as the Air Force’s director of the Defense Information Systems Agency.
James A. Lewis, project director for the commission, told InternetNews.com in an e-mail that the commission plans to eventually make its presentation to President-elect Obama’s transition team.
He added that the transition team has agreed to a briefing but has not yet set a date.
The commission also urged Obama to create a new National Security Council (NSC) Cybersecurity Directorate, which would absorb the current functions of the Homeland Security Council. The NOC would support both the NSC Cybersecurity Directorate and the assistant to the president for cyberspace.
According to the CSIS, the NOC, the NSC Cybersecurity Directorate and other relevant agencies should be given authority over various cybersecurity initiatives, including the Trusted Internet Connections initiative.
They should also have the authority to approve budget proposals relating to cyberspace before these are sent to the Office of Management and Budget for final approval.
The CSIS Commission also suggested that the president direct the new NSC and related agencies to create a comprehensive national security strategy for cyberspace, leveraging America’s diplomatic, intelligence, military and economic capabilities, and using law enforcement to bolster its efforts.
“Any successful effort to secure cyberspace will be marked by the ability of law enforcement to identify and prosecute cybercriminals,” the report said. It also suggested that U.S. law enforcement agencies should work more closely with their counterparts abroad to combat Internet threats.