The Commission on Cyber Security for the 44th Presidency released a report Monday on Internet security with recommendations. The focus of the commission, part of the Center for Strategic and International Studies, is to provide President-Elect Barack Obama's administration with insight on cybercriminal activities.
In recent years U.S. agencies, including the Pentagon and the Department of Homeland Security, have experienced computer break-ins.
The commission was established in August 2007 to plan policy changes for the new administration. It has made more than two dozen recommendations to the Obama administration, including creating a new office for cyberspace. To create the office, it recommends merging the National Cyber Security Center and the Joint Interagency Task Force.
"We will never be fully secure in cyberspace, but much can be done to reduce risk, increase resiliency, and gain new strengths," the commission's report says. "We believe that the next administration can improve the security situation in relatively short order."
The commission, which met four times and had 30 briefings with government officials and private-sector experts, said the cyberspace war has begun and recommended that the proposed National Office for Cyberspace assume authority.
A Center for Cyber Security Operations was also proposed. The CCSO would be a nonprofit group of public and private agencies collaborating on security matters.
Security experts, including Microsoft's Paul Nicholas and McAfee's Dan Hickey, and research scientists, including Jim Gosler of Sandia National Laboratories and Clint Kreitner, president of the Center for Internet Security, advised the commission.
It's likely this will be the first step in the Bush administration's $15 billion cybersecurity initiative.
The National Office for Cyberspace would have authority to revise the Federal Information Security Management Act, oversee the Trusted Internet Connection initiative and the Federal Desktop Core Configuration, and require agencies to submit budget proposals relating to cyberspace before submission to the Office of Management and Budget.
The 25 listed recommendations also include creation of three public-private advisory groups, reforming the National Information Assurance Policy, and increasing the use of secure Internet protocols. Another recommendation includes increasing cybersecurity research funding, currently set at $300 million for fiscal year 2009.
"The next administration has an opportunity to improve the situation; we hope these recommendations can contribute to that effort and its success," the report says.