As the prospect of a cybersecurity executive order looms, industry groups clamor to get an audience with President Donald Trump and his advisers to influence the administration’s technology policy.
(ISC)² emphasized the importance of strengthening the government’s IT workforce by teaching cyber literacy to every Federal employee, incentivizing hiring and retention, prioritizing investment in acquisition and human resources personnel, employing people who can communicate technical needs to agency leaders, and establishing a standardized way to code open cybersecurity jobs.
“In a recent congressional hearing, (ISC)² had the opportunity to present these recommendations in an effort to advocate for our members and the broader cybersecurity profession during the presidential transition and beyond,” said Dan Waddell, (ISC)² managing director of the North America Region. “Significant progress has been made over the past decade to advance the Federal cyber workforce; our recommendations reflect the importance of building future cybersecurity policy—including the pending executive order—on the existing foundation.”
The Information Technology and Innovation Foundation on Monday released its Tech Policy To-Do List, which said that the government should create a national standard for data-breach notification, and require agencies that discover security flaws to report them in a timely manner.
“While most professional security researchers in the private sector and academia adhere to responsible disclosure policies to mitigate the threat from these vulnerabilities, U.S. government agencies do not,” ITIF said. “Therefore, Congress should pass legislation that directs U.S. government agencies that discover vulnerabilities in software or hardware.”
ITIF also said that the Trump administration should examine whether U.S. courts can hold someone in contempt of court if they refuse to disclose the encryption keys for their secured data.
Some government officials, including FBI Director James Comey, have advocated for technology companies to build backdoors into their encryption systems so that law enforcement can gain access to suspects’ information. Critics argue that building backdoors will allow bad actors to access the information of innocent people as well. ITIF’s solution is to consider creating a rule that could compel someone to turn over an encryption key if law enforcement can prove a convincing interest in acquiring that information.
ITIF said that Congress should establish an 18F for cybersecurity, which would collaborate with agencies and bring in private sector talent to improve security practices. The team would be modeled after the General Services Administration’s 18F.
“The goal of this initiative would be to incorporate private-sector knowledge and nongovernment culture into high-impact, high-priority federal government cybersecurity projects,” ITIF said. “Members of this team could serve short-term stints based on new projects, agency needs, and available funding.”
ITIF also said that the White House could be proactive in considering a national Internet of Things strategy. Congress should direct the Federal chief information officers to establish an IoT task force to coordinate the adoption of IoT technologies. ITIF said that Congress should direct each agency to write a plan for how it will use IoT to cut costs and improve services.
ITIF said that GSA should create an IoT Corps to work on high-impact IoT projects.
“Members of this team could rotate to new assignments every couple of years based on new projects, agency needs, and available funding,” ITIF said. “This model of government service would build off some of the successful aspects of 18F and the U.S. Digital Service.”