Yesterday, President Obama, by Executive Order, established the Commission on Enhancing National Cybersecurity within the Department of Commerce.
The commission will be comprised of up to 12 members including “those with knowledge about or experience in cybersecurity, the digital economy, national security and law enforcement, corporate governance, risk management, information technology (IT), privacy, identity management, Internet governance and standards, government administration, digital and social media, communications, or any other area determined by the President to be of value to the commission.”
The mission of the commission will be to make recommendations “to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions”…and developing public-private partnerships and relationships around best practices around cybersecurity, including appropriate technology.
The commission will provide recommendations for upgrading the Federal civilian IT systems and infrastructure, enhancements to protect critical infrastructure, and assistance for state and local governments to enhance cybersecurity.
The commission is to provide a final report by December 1, 2016, which will be published on a public website thereafter, and the commission will terminate 15 days after it issues its final report, unless extended by the President.
It is unclear what will happen to the recommendations thereafter, which is disappointing. As we know in the data privacy and security world, cybersecurity is a never ending process that must be continually assessed, refined and updated. Hopefully, there will be a continued effort by the government after the commission’s work, report and recommendations.