The White House should lead a broad cybersecurity effort with the private sector to guard against potentially crippling attacks and boost confidence in the digital economy, a presidential commission said Friday.
The panel created by President Barack Obama in 2013 delivered a 90-page set of recommendations, noting that most would need to be carried out by incoming President-elect Donald Trump.
“It is critical that the next president and his administration and Congress begin immediately to tackle each one of the issues raised in this report,” the panel said.
“The commission considers this report a direct memo to the next president. The recommendations reflect what the commissioners believe are the highest-priority actions to take. Some recommendations call for actions within the first 100 days of the new administration.”
The report comes amid a wave of cyber attacks that have compromised data on tens of millions of US government employees, Yahoo users and other online services, and major companies such as Sony Pictures.
There are also concerns about risks to networks that control critical infrastructure such as electric grids and water systems.
The election campaign itself was also roiled by concerns about cyber attacks said to come from Russia.
The Commission on Enhancing National Cybersecurity, headed by former US national security adviser Thomas Donilon and former IBM chief Samuel Palmisano, called for a wide range of actions from both the public and private sector, while arguing that the White House has a responsibility to lead the efforts.
“We need to recognize that neither the government nor the private sector can capably protect systems and networks without extensive and close cooperation,” the report said.
The panel called for better public-private cooperation but said that “the government is — and should remain — the only organization with the responsibility and, in most cases, the capacity to effectively respond to large-scale malicious or harmful activity in cyberspace caused by nation-states.”
Specifically, it said the private and public sectors “should collaborate on a roadmap for improving the security of digital networks,” which can protect against so-called denial-of-service attacks that can shut down systems.
“The administration should focus first on mitigating and, where possible, eliminating denial-of-service attacks, particularly those launched by botnets,” the report said, referring to networks of web-connected machines that can be manipulated with malware.
– Mobile security, passwords –
Because of the growth in use of mobile devices, cybersecurity efforts should also focus on protecting against disruption of wireless communications, the panel said.
The government should prioritize efforts to guard against any attacks on the global positioning system (GPS) and have contingency plans if these systems fail, the report said.
One of the ways to guard against attacks is stepping up identity verification — which could be helped by moving away from passwords which are often stolen and used by hackers.
The panel also called for creation of a new civilian agency to lead cybersecurity and critical infrastructure protection, a new cybersecurity awareness campaign and the “equivalent of a cybersecurity ‘nutritional label’” for tech products and services.
Obama, in a statement, called the recommendations “thoughtful and pragmatic” and said his administration “will take additional action wherever possible” before he leaves office next month.
He said he asked the panel to brief the Trump transition team “at their earliest opportunity.