If you are a technologist, please take a moment to download the PDF of the report by the U.S. Commission on Cybersecurity. This report, titled Securing Cyberspace for the 44th Presidency, is the best proclamation of the challenges of cyber I have read. It is also a roadmap that will help any trying to navigate these very tough issues.
I’ve been involved in things cyber for a long time. My deepest
involvement began in December 1998, almost 10 years ago to the day. In all that time I’ve seen lots of studies and lots of papers and many treatments of the issues. But I’ve never seen one that captures the complexities and the need for specific actions as well as this one.
I’d really recommend you read every word, if you want to be considered literate in this field. But if it will be a little while till you get to it, here are some key points:
The three major findings are: 1) Cybersecurity is now a major national security problem for the U.S., 2) Decisions and actins must respect privacy and civil liberties, and 3) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure.
The report makes a few points about the Bush Administration’s Comprehensive National Cybersecurity Initiative (CNCI). In general the give credit to that initiative, and call it good. I agree, it is a great activity I’ve previously written about that is led by one of the most effective people in government today and has done great work. But as the commission points out, the work of the CNCI is good but not sufficient.
The biggest shock for me in this study: The amount of funding on R&D for cyber security. I have been looking into the many activities underway, and maybe that look made me deceive myself into thinking it was a well funded effort. According to the commission, however, they estimate that the total R&D funding in the federal government for cybersecurity is about $300million. Less than two-tenths of one percent of the total federal R&D.
The report has a great section on identity management.
I am convinced the organizational approaches outlined in the study are the right ones as well. There is only one place in our government where we can lead solutions to this challenge. Where is that? Hey read the report!
What else do I recommend CTOs do besides read the report? I think one way we can all help the cybersecurity effort is to think through which standards bodies are the most important to engage with regarding security.
For more on these topics see the CTOvision Guide to National Security Technology and