Obama Cybersecurity Commission Recommendations Seen Likely to Have Value for Trump
The Commission on Enhancing National Cybersecurity and its forthcoming recommendations to the White House are likely to have at least some policy currency in President-elect Donald Trump's administration, said industry executives and lawyers in interviews. President Barack Obama directed the formation of CENC in February as part of the White House's Cybersecurity National Action Plan. The commission has until Dec. 1 to deliver a set of recommendations to the White House aimed at actions the private and public sectors can take over the next decade to improve cyber defenses and raise cyber awareness (see 1602090068).
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
CENC remains on track to deliver a set of six short and long-term recommendations, commission officials said during a Monday meeting. The recommendations won't be publicly released until after Obama has a chance to provide feedback on the recommendations, officials said. Obama has up to 45 days to comment on the recommendations, putting issuance of the report before Trump's Jan. 20 inauguration. CENC Chairman Tom Donilon said recommendations will focus on broad “imperative” issues like clarifying the roles the public and private sectors play in cybersecurity. The report will “outline the big ideas,” some of which will be “actionable immediately and some in the longer term,” said Executive Director Kiersten Todt.
Suggestions are likely to include a continued focus on the use of voluntary cybersecurity standards and instituting incentives to encourage private sector cybersecurity improvements, an industry executive said. CENC considered recommending the White House create a special assistant to the president on cybersecurity issues who would have the same rank as the national security advisor, the executive said. The commission may recommend the White House set up a public-private “consortium” to advise the president on cybersecurity issues, the executive said.
CENC also considered seeking creation of a labeling system for electronic devices along the lines of nutrition labels on packaged foods that would indicate how a particular device complies with cybersecurity standards, the industry executive said. Such a stance, if included in the final report, might lead to the sort of de facto “standard of care” on cybersecurity protection that was discussed after the 2014 release of the National Institute of Standards and Technology's Cybersecurity Framework (see report in the March 10, 2014, issue), the executive said.
It's highly unlikely that CENC's recommendations will be dead on arrival in the Trump administration, because the incoming administration will at least consider the recommendations into their planning on cybersecurity policy, a range of stakeholders said. They were less unified in forecasting the degree to which the Trump White House will prioritize the CENC proposals against other cybersecurity goals. Cybersecurity policy is seen as an area in which stakeholders perceive a likelihood the incoming administration will take an active role in collaboration with Congress. That isn't likely to shift the U.S. cybersecurity policy approach away from the broad consensus seen during the Obama' administration (see 1611090039). Trump's transition team didn't comment.
CENC's work reflects “the participation of a broad range of stakeholders from across the political spectrum and has tremendous expertise” on cybersecurity issues, said Akin Gump cybersecurity and telecom lawyer David Turetsky, a former FCC Public Safety Bureau chief under Chairman Tom Wheeler. The recommendations “will certainly have value,” particularly since cybersecurity generally is a policy area that has had major bipartisan consensus in recent years, he said. CENC's bipartisan outlook “will hopefully translate into something that has some value for everyone regardless of their political views,” Turetsky said.
The commission's recommendations may well be “squarely at the top of the list” of cybersecurity proposals the Trump administration will consider, given how soon they will be released before Trump's inauguration, said Norma Krayem, Holland & Knight cybersecurity policy expert. The Trump administration will need to put together a “comprehensive plan” on cybersecurity policy since it wasn't an issue that was “front and center” for Trump's presidential campaign, Krayem said: “They're going to have to decide what core issues they want to take on related to cybersecurity,” and the CENC recommendations may help the administration with that prioritization.
The Trump administration will probably give the CENC recommendations “due consideration, but I'd be a little surprised if it's taken as a day one blueprint now as it might have been” if Democratic presidential nominee Hillary Clinton had won, said Internet Security Alliance President Larry Clinton. CENC may have bipartisan membership, but it's still “an Obama commission and Trump is coming in as a person of change,” Clinton said. The extent to which the Trump White House uses CENC's recommendations probably “depends entirely on what's actually in the report,” Clinton said. The Trump administration will probably want to review CENC's findings closely before it decides how to proceed, said visiting fellow at the American Enterprise Institute’s Center for Internet, Communications and Technology Policy.
Trump promised in a video message Monday that one of his first executive actions upon taking office Jan. 20 will be to instruct the DOD and the chairman of the Joint Chiefs of Staff to “develop a comprehensive plan to protect America’s vital infrastructure from cyberattacks, and all other form of attacks.” Trump said his Day 1 goals also include restricting new federal regulations (see 1611220027).