Cyberadvice awaits the next president
When the next president of the United States takes office in January 2009, he or she will be greeted with some advice on cybersecurity policy.
The Center for Strategic and International Studies has put together a Commission on Cyber Security for the 44th Presidency and expects to have a set of recommendations ready by the end of the year.
'We're a think tank, and that's what we do,' said James Lewis, senior fellow and director of the Technology and Public Policy Program at CSIS. 'This is yet another CSIS commission.'
The group held an organizational meeting in November and expects to have a second meeting in February. Working groups are being set up to do the detail work, and Lewis said a package of a half-dozen or so recommendations should be ready for the new president's desk sometime between the general election in November and the end of the year.
A detailed agenda has not yet been worked out, but issues expected to be addressed include infrastructure protection, software assurance, cybersecurity within agencies, and cooperative initiatives between the public and private sectors. One question that will be explored is whether the executive branch needs new legal authority to better pursue security policies.
'One of the ground rules is no criticism,' Lewis said. There will be no finger-pointing for past failures. Another rule for the commission is that the recommendations must be practical.
We want to focus on what can be implemented, not what would be nice to have.'
The idea for the commission came up in August, Lewis said.
'You had a lot of incidents over the summer that were very damaging,' he said. These included large-scale denial-of-service attacks against Estonia, major data breaches, and attacks against the infrastructures of the Defense, State and Commerce departments.
These incidents are not necessarily a demonstration of failure of current cybersecurity policies, Lewis said. 'Things have gotten better. But our adversaries have gotten better, too. Despite the good work of a lot of people, the problem has gotten worse. With a new administration coming in, this was an opportunity to step back and look for new ideas. It seemed like a good time to do it.'
There is a lot of interest in the project among security experts in industry. The target for the commission originally was 20 to 25 members. 'I think we ended up with 35,' Lewis said. Another 80 people asked to be involved, and 'we're looking for ways to include them.'
That's all fine and good; but what are the chances that the new president will implement the new recommendations, or even notice them in the hurly-burly of taking office? 'That's part of the transition.
Whoever is president is going to be bombarded with papers,' Lewis said. 'So we wanted to get reputable people who will get his attention. We have a pretty good batting average on getting recommendations adopted.'