Obama Cybersecurity Panel May Not Be Effective

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

April 14 — President Barack Obama's chosen candidates for a new commission may not have the appropriate experience to provide effective recommendations for improving U.S. cybersecurity, an industry insider told Bloomberg BNA April 14.

Obama April 13 announced his intent to appoint 10 new members to the Commission on Enhancing National Cybersecurity, noting that the new members will “bring a wealth of experience and talent to this important role,” and that the administration looks “forward to receiving the Commission's recommendations.”

However, there may be challenges within the commission and the power and applicability of the commission may be limited, Craig Spiezle, executive director, founder and president of the Online Trust Alliance, an Internet consumer trust nonprofit group, said.

The appointments include: Peter Lee, corporate vice president of Microsoft Research; Joe Sullivan, chief security officer at Uber Inc.; Ajay Banga, president and chief executive office of MasterCard Inc; and retired Gen. Keith Alexander, chairman and chief executive officer of IronNet Cybersecurity Inc. and former director of the National Security Agency.

The members come from “diverse backgrounds, and will be able to apply the perspectives of business, the tech sector, information technology security, national security and law enforcement,” U.S. Secretary of Commerce Penny Pritzker said in an April 13 statement.

When reached for comment, Microsoft Corp. couldn't “accommodate” Bloomberg BNA's request.

Actionable Advice

Even though “there are some marquee names on the list, the challenge is how many have hands-on expertise” and how efficient the commission will be to detect, “contain and remediate threats,” Spiezle said.

The power and applicability of the commission may be limited to white papers and status reports, Spiezle said. “What is needed is prescriptive and actionable advice,” he said.

For example, the U.S. Computer Emergency Readiness Team provides cybersecurity threat detection, analysis and warnings to companies and the public. However, there are some limitations as the “data does not flow quickly enough back to the private sector,” he said.

There is “no silver bullet” for cybersecurity protection and in reality “this is a complex arena and all too often the basics are overlooked,” Spiezle said.

Cybersecurity National Action Plan

As part of the Cybersecurity National Action Plan, Obama Feb. 9 issued an executive order establishing the commission within the Department of Commerce (15 PVLR 317, 2/15/16).

Prior to the recent appointments Obama had picked former National Security Advisor Tom Donilon as chairman, former IBM Chief Executive Officer Samuel J. Palmisano as vice chairman of the commission (15 PVLR 376, 2/22/16). Additionally, Pritzker picked Kiersten Todt, former president and managing partner of Liberty Group Ventures LLC, as the executive director of the commission (15 PVLR 664, 3/28/16).

Obama said that the commission is charged with “the critically important task of identifying the steps our nation must take to ensure our cybersecurity in an increasingly digital world.”

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editor responsible for this story: Jimmy H. Koo at jkoo@bna.com