The Commission on Enhancing National Cybersecurity, established by President Obama, has released its much-awaited Report on Securing and Growing the Digital Economy (December 1, 2016). The Commission was tasked with assessing the state of our nation’s cybersecurity and developing actionable recommendations for securing the digital economy, while at the same time protecting privacy, ensuring public safety and economic and national security, and fostering the development of new technical solutions.
The Commission sought to examine what is working well, what represents a challenge, and what needs to be done to incentivize and cultivate a culture of cybersecurity in the public and private sectors. The Commission found that while the interconnectedness of the digital ecosystem creates unparalleled value for society, technological advancement is outpacing security and will continue to do so unless the government and the private sector change how they approach and implement cybersecurity strategies and practices.
Among the observed challenges, the Commission pointed out that technology companies are under significant market pressure to innovate and move to market quickly, often at the expense of cybersecurity. An example of this would be the widely-used Internet-of-Things (IoT) devices, ranging from pacemakers to fitness trackers to smart home devices, many of which do not provide sufficient security.
Another challenge is represented by mobile working environments. The Commission observed that gone are the days when employees performed work only at an office using an organization-issued (and controlled) desktop computer, but that many organizations fail to properly secure mobile devices. Moreover, today, no organization is an island, and few are able to function without connecting to vendors, customers, and partners in multiple global supply chains. These developments are making the classic concept of the security perimeter largely obsolete.