There may be a lot of question marks heading into the first year of Donald Trump’s administration, but we do know one thing for sure. He has been given a blue print for cybersecurity, thanks to the recently released report from the Commission on Enhancing National Cybersecurity. President Obama put together the nonpartisan commission in February 2016 to investigate the state of cybersecurity in the U.S. and to recommend the actions that should be taken by the government and the private sector. It’s an impressive group of cybersecurity professionals and experts.
The Commission came up with 16 recommendations and 53 associated action items, ranging from having the private sector and government “collaborate on a roadmap for improving the security of digital networks,” with attention paid specifically to DDoS attacks and spoofing, to focusing on the cybersecurity of SMBs, to improving cybersecurity research efforts.
Cybersecurity is something that everyone must strive for, and the Commission pointed that out, as Craig Kunitani, COO and CTO at Security Mentor, told me in an email comment:
The inclusion of Imperative 3, ‘Prepare Consumers to Thrive in the Digital Age’, in the Commission’s report, demonstrates the significance of providing security awareness training for the general public. The report goes on to say ‘Raising cybersecurity awareness has long been a core aim of U.S. cybersecurity strategy, and the notion that consumer awareness about cybersecurity should be heightened is broadly accepted.’ The report provides broad guideline recommendations for government steps to achieve this goal for the general public. Nevertheless, the nation already has an ongoing history of successfully securing commercial sector employees by companies that provide effective engaging security awareness training. Training all employees in all aspects of security practices must remain a priority for businesses moving forward. This is imperative.
The report would like to see the new administration make cybersecurity awareness training a priority in the first 100 days. Also, the Commission would like to see the government bring in 100,000 ethical hackers to defend the infrastructure from cyberattacks.
It is quite a comprehensive report, touching on almost any cybersecurity issue you can think of – and maybe even some you didn’t. The FIDO Alliance pointed out one such recommendation:
An ambitious but important goal for the next administration should be to see no major breaches by 2021 in which identity — especially the use of passwords — is the primary vector of attack.
Eliminating the need for passwords in five years? That’s the only way you can eliminate password-related data breaches. That will be a massive undertaking, and I hope it can be accomplished. I’ve discussed many times the danger of passwords, but I worry that they are too ingrained into our digital identities, and that it will take longer than five years to move past them or make them totally secure.
As Nathan Wenzler, principal security architect at AsTech Consulting, said to me via email:
The Commission's report outlines a number of critical recommendations for addressing many of the fundamental security concerns and shortcomings we find here in the U.S. I am optimistic that these recommendations are taken to heart and acted upon.
I hope that Trump agrees and follows the Commission’s recommendations.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba