A Cybersecurity Agenda for the 45th President

January 5, 2017

The Center for Strategic and International Studies (CSIS) Cyber Policy Task Force today released its final report “From Awareness to Action - A Cybersecurity Agenda for the 45th President.”

Guided by Senator Sheldon Whitehouse and House Homeland Security Committee Chair Michael McCaul, a group of the nation’s leading cybersecurity experts in the bipartisan CSIS Cyber Policy Task Force have developed implementable recommendations on policy, organization, and resources for the next administration. Senator Whitehouse said “it is essential that the incoming administration understand the scope and severity of the cyber threat and be ready to move nimbly to address this rapidly evolving challenge. This report provides a wealth of recommendations that will help government and the private sector work together to make our country safer.” Representative McCaul said “better cybersecurity is crucial for our national and economic security. Our recommendations can help shape the cybersecurity agenda for the next four years.”

East Coast Co-Chair Karen Evans said “assembling experts who know the state of play let us create pragmatic, achievable recommendations on the issues the Federal government confronts.” West Coast Co-Chair Sameer Bhalotra said that “bringing the Silicon Valley perspective took us in significant new directions for private sector action to increase transparency, workforce skills and reduce vulnerabilities.” The Task Force recommendations would strengthen Federal organization, focus private sector leadership on data security, create consequences for attackers, and incentivize domestic actors to improve cybersecurity. Key recommendations include:

• Accelerate efforts to secure critical infrastructures and services and improve “cyber hygiene.” Use incentives, but if they don’t work, don’t be afraid to regulate. As part of this, the U.S. needs to improve authentication of identity and secure government agencies using managed services and service.
• Incentivize companies to make cybersecurity and data protection a priority for Boards and C-Suites.
• Identify what resource issues, such as research or workforce development, need Federal action and which are best left to the private sector.
• Strengthen government cybersecurity by streamlining White House bureaucracy, creating a special GAO office dedicated to federal cybersecurity, and clarify the roles of DOD and other agencies. A stronger DHS is crucial, and the new Administration must either strengthen DHS with more resources and a clear cybersecurity mission or create a new cybersecurity agency.
• Revise the international strategy to emphasize partnerships with like-minded nations against common foes and improve the ability to deter attackers by developing a full range of response and countermeasures that go beyond the threat of military action.
• Significantly increase senior level attention to cybercrime, and build international cooperation to fight botnets and sophisticated financial crime, and creating penalties for countries that won’t cooperate.

The Cyber Policy Task Force report and a list of members is available at cs.is/2iUdFrh.