In February 2016, President Obama established the Commission on Enhancing National Cyber Security with an Executive Order. The Commission completed its report on December 1, 2016, providing detailed short-term and long-term recommendations to strengthen cyber security in both the public and private sectors, while protecting privacy, fostering innovation and ensuring economic and national security.
The report emphasises the need for partnerships between the public and private sectors, as well as international engagement. It also discusses the role consumers must play in enhancing the US’ digital security. The report categorises its recommendations within six overarching imperatives focused on infrastructure, investment, consumer education, workforce capabilities, government operations and requirements for a fair and open global digital economy.
The six imperatives are:
- Protect, defend, and secure today’s information infrastructure and digital networks.
- Innovate and accelerate investment for the security and growth of digital networks and the digital economy.
- Prepare consumers to thrive in a digital age.
- Build cyber security workforce capabilities.
- Better equip government to function effectively and securely in the digital age.
- Ensure an open, fair, competitive, and secure global digital economy.
The Commission’s recommendations are not binding, though it would be prudent to at least consider the report’s references and overviews given the broad base of expertise drawn on in the preparation of the document, including consultation with technical and policy experts, input from the public through open hearings and a request for information, and reviewed existing literature.
The heightened level of cyber threat on a national level is not just a US phenomenon but a trend that is growing across the globe, and it is high time cyber security is reflected within every government ministry and agency as a core function, with a direct reporting line to senior officials clearly defined and implemented.
The importance of securing digital infrastructure has become as important to a nation’s continued development as its choice of domestic or foreign policy, and in many ways cyber security spans both of these important areas given the rise in threats emanating from within countries and those being faced from abroad.
The six imperatives included in the Enhancing National Cyber Security report offer a strong framework for any progressive nation anywhere in the world to consider its cyber security posture and to take pro-active measures to improve its defences given the uncertain nature of threat actors, be they nation states or hacktivists, common criminals or other unknown adversaries.
It is telling that the first imperative in the report relates to, “protecting, defending, and securing today’s information infrastructure and digital networks” as a guiding requirement, given we believe this is the key factor in creating a trusted and sustainable digital environment in which all participants have confidence to invest in and prosper from.
This imperative is aligned to the Cyber Security Life-Cycle, which advises the planning, detection, protection, and recovery of digital assets in order to mitigate against the threat of a cyber incident. A holistic, end-to-end approach to cyber security is the most effective way to counter the ever-expanding cyber threat landscape, as it is clear that preventing or avoiding every cyber incident is just not possible.