Backstory
On February 9th, President Obama issued an Executive Order, the “COMMISSION ON ENHANCING NATIONAL CYBERSECURITY.” Section 3 describes the mission.
Mission and Work. The Commission will make detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State, and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices. The Commission's recommendations should address actions that can be taken over the next decade to accomplish these goals.
The membership of the commission would be appointed by the President.
April 2016
On Wednesday, April 13th, Special Assistant to the President and Cybersecurity Coordinator, Michael Daniel, announced the membership of the bi-partisan commission. “Today, we are pleased to announce that the President and the bipartisan Congressional leadership have selected the 12 individuals to serve on the Commission. They are:”
- Tom Donilon, former Assistant to the President and National Security Advisor (Chair)
- Sam Palmisano, former CEO of IBM (Vice Chair)
- General Keith Alexander, CEO of IronNet Cybersecurity, former Director of the National Security Agency and former Commander of U.S. Cyber Command
- Annie Antón, Professor and Chair of the School of Interactive Computing at Georgia Tech.
- Ajay Banga, President and CEO of MasterCard
- Steven Chabinsky, General Counsel and Chief Risk Officer of CrowdStrike
- Patrick Gallagher, Chancellor of the University of Pittsburgh and former Director of the National Institute of Standards and Technology
- Peter Lee, Corporate Vice President, Microsoft Research
- Herbert Lin, Senior Research Scholar for Cyber Policy and Security at the Stanford Center for International Security and Cooperation and Research Fellow at the Hoover Institution
- Heather Murren, former member of the Financial Crisis Inquiry Commission and co-founder of the Nevada Cancer Institute
- Joe Sullivan, Chief Security Officer of Uber and former Chief Security Officer of Facebook
- Maggie Wilderotter, Executive Chairman of Frontier Communications
The statement continues, in part…
These 12 individuals will be charged with recommending bold, actionable steps that the government, private sector, and the nation as a whole can take to bolster cybersecurity in today’s digital world, and reporting back by the beginning of December. They will hold their first public meeting tomorrow at the U.S. Department of Commerce, where they will be joined by Secretary of Commerce Penny Pritzker, Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco, and others to discuss the critical work that lies ahead for the Commission.
Observations
The makeup of the commission is interesting. The selection of a former director of the NSA, General Keith Alexander is good news, as well as Peter Lee, VP of Microsoft Research. Also notable is Patrick Gallagher, a former director of the National Institute of Standards and Technology. Given that these individuals, amongst the other distinguished members, are working in a bi-partisan way, it appears that the interests of all will be well explored and respected.
Meeting with the Secretary of Commerce Penny Pritzker is notable. The Secretary of Commerce is the cabinent member who signs off on the security of government purchased software. See: “Even the Federal Government Won’t Buy Apple Products That Don’t Meet Encryption Standards.”
The timing is interesting. Given that rushed and alarming encryption legislation is already in progress, such as the Burr-Feinstein bill, it would seem expedient for the President's commission to move briskly. While ongoing results will probably be disclosed, it would seem expedient to have the final recommendations made this summer, not after the Presidential election in November. That timing seems problematic at first glance.
Finally, given the fact that only a handfull of members of Congress have computer science degrees, and the rest can be expected to drive encryption legislation on non-technical, political grounds, it's good to see the high level of technical expertise on the President's commission.
We can likely expect a substantive and respected set of recommendations from this commission. Whether those are followed is up to the rest of Congress.
_______________
White House image via Shutterstock.