The Obama Administration has recommended that incoming President Donald Trump execute a comprehensive cybersecurity strategy, including the training of 100,000 white hats.
A special Commission has delivered a report outlining cybersecurity as one of the greatest challenges that the US faces—as reflected in President Obama’s 2017 budget, which calls for a more than 35% increase in federal cybersecurity resources.
The incoming Trump administration is first being advised to train 100,000 hackers by 2020 as part of a "national cybersecurity workforce program" that would deliver experts to businesses and government agencies across the country—addressing the much-publicized workforce skills shortage.
The Commission also recommends establishing international norms for hacking—a kind of Geneva Convention for ethics in cyberwar; and to establish a precedent for product liability when internet-connected devices have little or no security. The Trump administration is being asked to have the issue examined by the Department of Justice, Department of Homeland Security and regulators at the Federal Trade Commission and Consumer Product Safety Commission.
“Internet of Things (IoT) devices are the current "it thing" in cybersecurity, as there is no true standard for developing, deploying or securing the software which runs these kinds of devices," said Nathan Wenzler, principal security architect at AsTech Consulting, via email. "As they become more and more ubiquitous, IoT devices present a huge platform for cybercriminals and hacktivists to target, compromise and use for whatever purpose they see fit. Putting an emphasis on building secure IoT platforms and increasing R&D for developing operating systems and related software products in a secure manner from the start is a hugely important area of Information Security that extends well beyond IoT devices alone. It's commonly said that, when it comes to security, it's ‘better to bake it in than bolt it on.’ The commission's action items for developing and funding programs to accomplish this sort of proactive methodology to develop secure platforms before they're deployed, rather than trying to add in security functions later is going to be an absolutely crucial requirement going forward to secure our data and infrastructure for the foreseeable future.”
Obama said that he has asked the Commission, which included ex-NSA director Keith Alexander, MasterCard CEO Ajay Banga, plus other notable business executives, lawyers and academics, to brief the president-elect’s transition team at its earliest opportunity. He also called on Congress to fully fund the cybersecurity needs outlined in the 2017 budget and elsewhere before the end of the year—investing in areas such as securing federal information technology systems, protecting critical infrastructure, and investing in the cybersecurity workforce.
The Trump administration is also being advised to issue a national cybersecurity strategy in the first six months of his term, and to appoint a new cyber-advisor and cyber-ambassador.
“Agencies are increasingly centralizing their cybersecurity efforts and relying on the Department of Homeland Security (DHS) for shared services like vulnerability detection, network discovery and monitoring, intrusion detection and prevention, and cybersecurity assessments of high priority IT systems,” Obama said in a statement. “Consolidating DHS’ cybersecurity and infrastructure protection missions within a single DHS line agency—as my Administration has proposed, and as the Commission recommends—would further strengthen DHS’ ability to support federal and critical infrastructure cybersecurity.”
He added, “In total, the Commission’s recommendations affirm the course that this Administration has laid out, but make clear that there is much more to do and the next Administration, Congress, the private sector and the general public need to build on this progress. Deepening public-private cooperation will help us better protect critical infrastructure and respond to cyber incidents when they occur. Expanding the use of strong authentication to improve identity management will make all of us more secure online. Increasing investments in research and development will improve the security of products and technologies. Investing in human capital, education, and the productivity of the cybersecurity workforce will ensure that this country’s best and brightest are helping us stay ahead of the cybersecurity curve. Continuing to prioritize and coordinate cybersecurity efforts across the federal government will ensure that this critical challenge remains a top national security priority. And furthering the promotion of international norms of responsible state behavior will ensure that the global community is able to confront the ever-evolving threats we face.”
Photo © Stuart Miles