In the coming days, a new presidential commission on cybersecurity will get to work, with a broad mandate to develop “actionable” cyber policy proposals and an extremely tight deadline for completing its work.
Kiersten Todt, formerly president and managing partner of Liberty Group Ventures, was appointed last week as executive director of the new Commission on Enhancing National Cybersecurity, which was created by executive order earlier this year.
President Obama previously named former National Security Adviser Tom Donilon to chair the commission and former IBM CEO Sam Palmisano to serve as vice chair. The rest of the 12-member commission should be announced shortly, according to Todt, who said the White House vetting process is almost completed.
And, in an appearance before a federal cybersecurity advisory board on March 23, Todt acknowledged that getting the appointees in place can’t happen quickly enough.
That’s because the commission must produce a final report by Dec. 1, offering immediate, concrete steps that industry can take to improve cybersecurity as well as recommendations for the next administration on how to tackle cyber challenges over a 10-year horizon.
“The timeline is tough but it works to the benefit of this kind of effort,” Todt said in an appearance before the National Institute of Standards and Technology’s Information Security and Privacy Advisory Board.
The process, she said, will resemble “a marathon within a sprint.”
The commission will hold an inaugural meeting shortly after the membership is announced, Todt told InsideCybersecurity.com. “That is the goal,” she said.
Todt said the commission will try to produce 10 or so significant recommendations for immediate and long-term actions. “It’s not a report for the shelf,” Todt said. And it won’t be a valedictory statement by an administration heading out the door.
The aim is to produce “something useful going forward,” Todt said. Not shying away from a challenge, she said the commission will strive to “create recommendations and actions that go deep into a corporation to create a cultural shift.”
That lofty goal is already generating some skepticism, especially from the security and privacy board’s own chairman, Peter Weinberger of Google.
“I’m looking for a hint that [the commission] will find something new” that can help promote a “culture change” among top corporate executives, Weinberger said. The executive suite in the corporate world still largely views cybersecurity as a problem for the techies, Weinberger complained.
“I’m pessimistic about the eventual product,” Weinberger bluntly told the new executive director. “People don’t want to rearrange their systems and processes, and that’s what’s required.”
“You’re anticipating the final product,” Todt said. “I think you’ll be pleasantly surprised.”
The commission’s ultimate report will reflect a “pyramid” of solutions involving people, process and technology, she explained. The goal will be to look at “the context of these issues differently.”
Todt and the members of the commission have about eight months to prove the skeptics wrong.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” coming this spring from Rowman and Littlefield.
