CSIS CYBER POLICY TASK FORCE
A cybersecurity task force that included members of Congress focused on the issue recommended that the Trump administration improve and reorganize oversight authorities, elevate the role of the White House cybersecurity coordinator and clarify the cyber defense roles of civilian and military agencies.
The task force was co-chaired by Rep. Michael McCaul (R-Texas), Sen. Sheldon Whitehouse (D-R.I.), former White House Senior Director of Cybersecurity Sameer Bhalotra as well as former Administrator of E-Government and Information Technology at the Office of Management and Budget and current transition team member Karen Evans.
McCaul serves as chairman of the House Homeland Security Committee, and Whitehouse is a ranking member of the Judiciary Subcommittee on Crime and Terrorism.
The recommendations in the report, released Jan. 5 by the Center for Strategic and International Studies, include policy, organizational and personnel proposals.
The next administration is inheriting a going enterprise. This means that recommendations require a high degree of specificity and impenetrability. What the next administration will inherit will be shaped by what this administration has done The most salient recommendations are summarized below, grouped into three categories: policy, organization, and resources.
1. Policy Recommendations
Revise the International Cybersecurity Strategy
The 2009 CSIS Report advocated a comprehensive approach to international cybersecurity using all the tools of national power. The central points included developing norms and confidence- building measures and finding ways to make deterrence effective. There has been progress in implementing these recommendations, but while the goals underpinning recommendations remain sound, the world is a very different place than it was in 2009, much more conflictual and much more dependent on cyberspace. There have been important political changes as well, with the 2013 recognition that international law, the UN charter, and national sovereignty all apply to cyberspace. The 2011 international strategy needs to be replaced to better fit a different world………………………
Take a New Approach to Building Agreement on International Stability
The next president needs to address two major questions on the direction of international cybersecurity: Is it time to consider a more formal approach to building security and stability in cyberspace? And to what extent should an expanded or even continued efforts to build focus on agreement among likeminded states……………..
Expand Deterrence and Create Consequences
The most important lesson is that deterrence cannot rely solely on the use or threat to use military force. The most effective deterrent actions were the threat of sanctions or indictments. The combination of indictments and the threat of sanctions led China to agree to end commercial espionage. In international law these would be called “countermeasures,” retaliatory actions that do not involve the use of force. In arms control parlance, the United States would benefit from “populating all the rungs of the deterrence ladder” with the appropriate potential responses and then communicating them to opponents…………….
Take a More Assertive Approach to Combat Cyber Crime
……………The U.S. position is that the Budapest Convention on Cybercrime provides a sufficient legal framework for prosecuting cyber crime, and if nations would adopt the treaty, we would all be better off. In the 15 years since the convention was opened for signature, 50 countries have joined. More rapid progress is needed in winning global support……………The cybersecurity industry is developing sophisticated tools and services to protect networks. Traditional monitoring and perimeter defenses are being supplemented by advanced signature analysis, analytics that can detect anomalies associated with malware, and new approaches to multifactor authentication. These efforts may not involve personally identifiable information (PII) in the traditional sense, but raise issues for protecting personal information while take advantage of on new cybersecurity technology.
We recommend that the next president:
Protect privacy in cybersecurity activities by developing with the private sector a set of principles and best practices that address commercial data collection and the expectation of privacy when physical and digital information is digitally mingled………..
READ FULL REPORT cyberrecommendationsnextadministration_web