Panel urges bet­ter cy­ber­se­cu­rity to Pres­i­dent-elect Trump Obama’s mixed legacy on cy­ber­se­cu­rity in ques­tion

Kuwait Times - - TECHNOLOGY -

A pres­i­den­tial commission on Fri­day made 16 ur­gent rec­om­men­da­tions to im­prove the na­tion’s cy­ber­se­cu­rity, in­clud­ing cre­at­ing a nu­tri­tional-type la­bel to help con­sumers shop wisely and ap­point­ing a new in­ter­na­tional am­bas­sador on the sub­ject - weeks be­fore Pres­i­dent-elect Don­ald Trump takes of­fice.

The re­lease of the 100-page re­port fol­lows the worst hack­ing of US gov­ern­ment sys­tems in his­tory and ac­cu­sa­tions by the Obama ad­min­is­tra­tion that Rus­sia med­dled in the US pres­i­den­tial elec­tion by hack­ing Democrats.

The Pres­i­den­tial Commission on En­hanc­ing Na­tional Cy­ber­se­cu­rity urged im­me­di­ate ac­tion within two to five years and sug­gested the Trump ad­min­is­tra­tion con­sider act­ing on some pro­pos­als within its first 100 days.

The commission rec­om­mended that Trump cre­ate an as­sis­tant to the pres­i­dent for cy­ber­se­cu­rity, who would re­port through the na­tional se­cu­rity ad­viser, and es­tab­lish an am­bas­sador for cy­ber­se­cu­rity, who would lead ef­forts to cre­ate in­ter­na­tional rules. It urged steps, such as get­ting rid of tra­di­tional pass­words, to end the threat of iden­tity theft by 2021 and said Trump’s ad­min­is­tra­tion should train 100,000 new cy­ber­se­cu­rity work­ers by 2020.

Other ideas in­cluded help­ing con­sumers to judge prod­ucts us­ing an in­de­pen­dent nu­tri­tional-type la­bel for tech­nol­ogy prod­ucts and ser­vices. “What we’ve been do­ing over the last 15 to 20 years sim­ply isn’t work­ing, and the prob­lem isn’t go­ing to be fixed sim­ply by adding more money,” said Steven Chabin­sky, a commission mem­ber and the global chair of the data, pri­vacy and cy­ber­se­cu­rity prac­tice for White & Case LLP, an in­ter­na­tional law firm.

He said the group wanted the bur­den of cy­ber­se­cu­rity “moved away from ev­ery com­puter user and han­dled at higher lev­els,” in­clud­ing in­ter­net providers and prod­uct de­vel­op­ers who could en­sure se­cu­rity by de­fault and de­sign “for ev­ery­one’s ben­e­fit.”

The White House re­quested the re­port in Fe­bru­ary and in­tended it to serve as a tran­si­tion memo for the next pres­i­dent. The commission in­cluded 12 of what the White House de­scribed as the bright­est minds in busi­ness, academia, tech­nol­ogy and se­cu­rity. It was led by Tom Donilon, Obama’s for­mer na­tional se­cu­rity ad­viser.

The panel stud­ied shar­ing in­for­ma­tion with pri­vate com­pa­nies about cyber threats, the lack of tal­ented Amer­i­can se­cu­rity en­gi­neers and dis­trust of the US gov­ern­ment by pri­vate busi­nesses, es­pe­cially in Sil­i­con Val­ley. Clas­si­fied doc­u­ments stolen un­der Obama by Ed­ward Snow­den, a con­trac­tor for the Na­tional Se­cu­rity Agency, re­vealed gov­ern­ment ef­forts to hack into the data pipe­lines used by US com­pa­nies to serve cus­tomers over­seas.

One com­mis­sioner, Her­bert Lin of Stan­ford Univer­sity, said some se­nior in­for­ma­tion tech­nol­ogy man­agers dis­trust the fed­eral gov­ern­ment as much as they dis­trust China, widely re­garded as ac­tively hack­ing in the US

Pres­i­dent Barack Obama said in a writ­ten state­ment af­ter meet­ing with Donilon that his ad­min­is­tra­tion will take ad­di­tional ac­tion “wher­ever pos­si­ble” to build on its ef­forts make progress be­fore he leaves of­fice next month. He urged Trump and the next Congress to treat the rec­om­men­da­tions as a guide.

“Now it is time for the next ad­min­is­tra­tion to take up this charge and en­sure that cy­berspace can con­tinue to be the driver for pros­per­ity, in­no­va­tion, and change both in the United States and around the world,” Obama said.

It was not im­me­di­ately clear whether Trump would ac­cept the group’s rec­om­men­da­tions. Trump won the elec­tion on prom­ises to re­duce gov­ern­ment reg­u­la­tions, although decades of re­ly­ing on mar­ket pres­sure or ask­ing busi­nesses to vol­un­tar­ily make their prod­ucts and ser­vices safer have been largely in­ef­fec­tive.

Trump’s pres­i­den­tial cam­paign ben­e­fited from em­bar­rass­ing dis­clo­sures in hacked emails stolen from the Demo­cratic Na­tional Com­mit­tee, Hil­lary Clin­ton’s cam­paign staff and oth­ers, and Trump openly in­vited Russian hack­ers to find and re­lease tens of thou­sands of per­sonal emails that Clin­ton had deleted from the pri­vate server she had used to con­duct gov­ern­ment busi­ness as sec­re­tary of state. He also dis­puted the Obama ad­min­is­tra­tion’s con­clu­sion that Rus­sia was re­spon­si­ble for the Demo­cratic hack­ings.

Though Trump is a pro­lific user of on­line so­cial me­dia ser­vices, es­pe­cially Twit­ter, he is rarely seen us­ing a com­puter. His cam­paign man­ager, Kellyanne Con­way, tweeted a pho­to­graph Mon­day of Trump work­ing on an Ap­ple lap­top in­side his of­fice at Trump Tower. He tes­ti­fied in a de­po­si­tion in 2012 that he did not own a per­sonal com­puter or smart­phone, and in an­other de­po­si­tion ear­lier this year said he de­lib­er­ately does not use email.

Trump has al­ready promised his own study by a“Cyber Re­viewTeam”of peo­ple he said he will se­lect from mil­i­tary, law en­force­ment and pri­vate sec­tors. He said his team will de­velop manda­tory cyber awareness train­ing for all US gov­ern­ment em­ploy­ees, and he has pro­posed a buildup of US mil­i­tary of­fen­sive and de­fen­sive cyber ca­pa­bil­i­ties that he said will de­ter for­eign hack­ers.

The new re­port sug­gested that the gov­ern­ment should re­main the only or­ga­ni­za­tion re­spon­si­ble for re­spond­ing to large-scale at­tacks by for­eign coun­tries.

Obama has a mixed legacy on cy­ber­se­cu­rity.

Un­der Obama, hack­ers stole per­sonal data from the US Of­fice of Per­son­nel Man­age­ment on more than 21 mil­lion cur­rent, for­mer and prospec­tive gov­ern­ment em­ploy­ees, in­clud­ing de­tails of se­cu­rity-clear­ance back­ground in­ves­ti­ga­tions for fed­eral agents, in­tel­li­gence em­ploy­ees and oth­ers. The White House also failed in its ef­forts to con­vince Congress to pass a na­tional law - sim­i­lar to laws passed in some states - to re­quire hacked com­pa­nies to no­tify af­fected cus­tomers.

But the Obama ad­min­is­tra­tion also be­came more ag­gres­sive about pub­licly iden­ti­fy­ing for­eign gov­ern­ments it ac­cused of hack­ing US vic­tims, ar­rested some high-pro­file hack­ers over­seas, suc­cess­fully shut down some large net­works of hacked com­put­ers used to at­tack on­line tar­gets, en­acted but never ac­tu­ally used eco­nomic sanc­tions against coun­tries that hacked Amer­i­can tar­gets and used a so­phis­ti­cated new cyber weapon called Stuxnet against Iran’s main nu­clear en­rich­ment fa­cil­i­ties.

Congress passed a new law in late 2015 to en­cour­age com­pa­nies and the gov­ern­ment to share in­for­ma­tion about on­line threats.

—AP

WASH­ING­TON: In this Feb. 17, 2016, file photo, Pres­i­dent Barack Obama, joined by from left, Com­merce Sec­re­tary Penny Pritzker, for­mer IBM CEO Sam Palmisano, for­mer Na­tional Se­cu­rity Ad­viser Tom Donilon, and Home­land Se­cu­rity Sec­re­tary Jeh John­son, talks to me­dia in the Oval Of­fice of the White House.

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.