Cybersecurity report offers Obama some far-reaching recommendations

A congressionally sponsored study conducted by the Center for Strategic and International Studies, made public on Monday, recommends everything from the creation of a the National Office for Cyberspace outside the authority of the Department of Homeland Security to maintaining "sufficient manufacturing capabilities" at home to supply components and software that is not dependent on a global supply chain.

On the issue of the Department of Homeland Security and maintaining cybersecurity, the comprehensive 64-page report, titled Securing Cyberspace in the 44^th Presidency, was emphatic.

"Many felt that leaving any cyber function at DHS would doom that function to failure," according to the report, which went on to state that a comprehensive approach to cybersecurity "falls outside the scope of DHS’s competencies."

[ See also "Five must-do cybersecurity steps for Obama." ]

One of the more far-reaching conclusions of the committee that may have unexpected consequences is the inclusion of the private sector under the umbrella of national security. In going beyond anything stated in the past about our economic well-being and national security it is implying that private enterprise may have to comply with new security regulations. 

Time and again the report references our economic well-being and calls for a "public-private partnership for cybersecurity."

Under the heading "Rebuilding Partnership with the Private Sector," the committee offers three recommendations to build trust between company executives and the government: a Presidential Advisory Committee; a town hall national stakeholders organization as a platform for discussion; and a Center for Cybersecurity Operations (CCSO) for public and private sector entities to collaborate and share information on critical cybersecurity in a trusted environment.

As the private sector continues to be used by the government for products and services ranging from data warehousing to building jet fighter planes, the relationship between national security and the private sector becomes more and more blurred, according to the report. 

Tom Kellerman, chair of the commission's Threats Working Group said that over 100 countries have been identified as using military-level cyber technology to aid their national companies in stealing intellectual property.

"Many of these countries endow [their] national corporations with cyber espionage capabilities so as to steal intellectual property for the sake of economic advantage."

The report also states that when it comes to regulating cyberspace, "voluntary action is not enough," and calls on the U.S. -- it did not identify what entity in the U.S. -- to assess and prioritize risks in order to set minimum cyberspace security standards. 

The report also calls on President-elect Obama to offer legislation that "eliminates the current legal distinction between the technical standards for national-security systems and civilian-agency systems."

Committee members elaborated on their call for regulation by saying it should avoid "prescriptive mandates" but at the same time not have an "over reliance on market forces."