The Center for Strategic and International Studies (CSIS) has today published a new report - "Securing Cyberspace for the 44th Presidency". In it they lay out 9 high-level recommendations, which are:
* Create a comprehensive national security strategy for cyberspace.
* Lead from the White House.
* Reinvent the public-private partnership.
* Regulate cyberspace.
* Authenticate digital identities.
* Modernize authorities.
* Use acquisitions policy to improve security.
* Build capabilities.
* Do not start over.
Overall, this looks like an ok report, though I'm always a bit skeptical. I still don't have a reasonable expectation that Congress has enough competency in Internet policy to adequately address concerns. President-elect Obama certainly is more tech-savvy than any prior president, but that doesn't necessarily mean he'll be able to get impart that wisdom to the Congressional common people.
I'm definitely in favor of a new Cybersecurity Directorate being established within the National Security Council - it would provide a much needed elevation in visibility and authority. I do, however, get concerned when I read statements recommending a central government strong authentication and credentialing scheme. We do not need another REAL ID debacle. We do not need the federal government to release a national credential. It's not the role of federal government, but rather a responsibility that has been delegated to the States (see, for example, birth certificates). (For more on why REAL ID is a bad idea, see the EFF REAL ID action site.)
In the end, the report is probably good for the most part, though it does lack creativity in some areas. We need new solutions to these now-age-old problems. What we've been doing thus far has not been effective - so why think that doing more of it would have different results. Anyway... give it a read - I'd be curious what you think! :)
