President Barack Obama signed an executive order Tuesday setting up a new bipartisan commission to develop long-term solutions to the nation’s cybersecurity problems.
“Working together, my administration and congressional leaders will appoint top business, strategic and technology thinkers from outside government to provide specific recommendations for bolstering cybersecurity awareness and protections across the public and private sectors over the next decade,” Obama wrote in a Wall Street Journal editorial.
The president will appoint 12 experts to the Commission on Enhancing National Cybersecurity to “make detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy…” according to the order. The speaker and the minority leader of the House of Representatives, and the majority and minority leaders of the Senate, will nominate one member each.
The commission will report to the president by Dec. 1, and its report will be published within 45 days after that.
Some experts were skeptical, noting that a new administration — especially if it’s headed by a different party — might be reluctant to follow the dictates of its predecessor.
The White House announced the new commission as part of Obama’s Cybersecurity National Action Plan — the $19 billion plan that will include a $3 billion fund to overhaul federal IT as well as new testing labs and efforts to create a stronger workforce in cybersecurity.
During its 11 month long existence, the commission will investigate ways the nation can strengthen cybersecurity in both private and public sectors by researching topics such as new technology, best practices for identity assurance, federal IT governance, threat information sharing and education.
The commission’s announcement provoked mixed reaction from cyber watchers — some excited for its possibilities, some worried it will have no impact.
The commission reminds Columbia University senior research scholar Jason Healey of a highly successful Clinton-era body called the President’s Commission on Critical Infrastructure Protection — one of the first efforts by the U.S. government to examine cybersecurity. Just as that commission led the way to early upgrades in cybersecurity, he hopes the new body could inspire similar important improvements.
“I think I’m more optimistic than most of my colleges who see this as just another commission that will just recommend the same old things,” said Healey, who is part of Columbia’s School of International and Public Affairs. “I’m hopeful they will go beyond what most other taskforces do.”
To be most effective, Healey said the commission should focus on researching defensive software or approaches instead of offensively-based strategies. The commission’s ability to appoint highly distinguished members who could see a larger picture than governmental employees could also benefit it. For example, Healey said, Bill Gates would be a great member.
Christian Beckner, deputy director of the George Washington University’s Center for Cyber and Homeland Security, is more skeptical about the commission because the report will be released during the start of a new presidential term and executive cabinet. By December, he said, politicians in power may have a completely different approach to cybersecurity.
Commissions themselves, are heavily dependent on their staff and support, especially for a complex, lesser-understood topic like cybersecurity, said Lee Hamilton, who co-chaired the 9/11 Commission and is currently the senior advisor for the University of Indiana’s Center of Representative Government.
“You can’t do much unless you have an adequate budget and staff,” he said.
A focus on learning to keep pace with industry’s developing technologies is one of the most important reasons for the group, Beckner said.
“Investments like these can be hampered by their universal slow pace if they do not integrate to newer innovative tech,” he said.