WASHINGTON — A national commission on Friday delivered urgent recommendations to improve the nation's cybersecurity, weeks before President-elect Donald Trump takes office. The report follows the worst hacking of U.S. government systems in history and accusations by the Obama administration that Russia meddled in the U.S. presidential election by hacking Democrats.
The Presidential Commission on Enhancing National Cybersecurity, which was expected to spell out actions the U.S. can take over the next 10 years, instead urged more immediate actions within two to five years. It suggested the Trump administration consider some items "deserving action" within the first 100 days.
It recommended that Trump create an assistant to the president for cybersecurity, who would report through the national security adviser, and establish an ambassador for cybersecurity, who would lead efforts to create international rules. It urged steps to end the threat of identity theft by 2021 and said Trump's administration should train 100,000 new cybersecurity workers by 2020.
Other ideas included helping consumers to judge products using an independent "nutritional label" for technology products and services.
The White House requested the report in February and intended it to serve as a transition memo for the next president. The commission included 12 of what the White House described as the brightest minds in business, academia, technology and security. It was led by Tom Donilon, Obama's former national security adviser.
The panel studied sharing information with private companies about cyber threats, the lack of talented American security engineers and distrust of the U.S. government by private businesses, especially in Silicon Valley. Classified documents stolen under Obama by Edward Snowden, a contractor for the National Security Agency, revealed government efforts to hack into the data pipelines used by U.S. companies to serve customers overseas.
One commissioner, Herbert Lin of Stanford University, said some senior information technology managers distrust the federal government as much as they distrust China, widely regarded as actively hacking in the U.S.
President Barack Obama said in a written statement after meeting with Donilon that his administration will take additional action "wherever possible" to build on its efforts to make progress before he leaves office next month. He urged Trump and the next Congress to treat the recommendations as a guide.
"Now it is time for the next administration to take up this charge and ensure that cyberspace can continue to be the driver for prosperity, innovation, and change both in the United States and around the world," Obama said.
It was not immediately clear whether Trump would accept this recent report, much less act on its recommendations. Trump won the election on promises to reduce government regulations, although decades of relying on market pressure or asking businesses voluntarily to make their products and services safer to use have been largely ineffective.
Trump's presidential campaign benefited from embarrassing disclosures in hacked emails stolen from the Democratic National Committee, Hillary Clinton's campaign staff and others, and Trump openly invited Russian hackers to find and release tens of thousands of personal emails that Clinton had deleted from the private server she had used to conduct government business as secretary of state. He also disputed the Obama administration's conclusion that Russia was responsible for the Democratic hackings.
Trump is a prolific user of online social media services, especially Twitter, but he is rarely seen using a laptop or other computer. His campaign manager, Kellyanne Conway, tweeted a photograph Monday of Trump working on an Apple laptop inside his office at Trump Tower. Trump testified in a deposition in 2012 that he did not own a personal computer or smartphone, and earlier this year in another deposition said he deliberately does not use email. "We've figured that out," Trump said. "Took a lot of people a long time to figure that out."
Trump has already promised his own study by a "Cyber Review Team" of people he said he will select from military, law enforcement and private sectors. He said his team will develop mandatory cyber awareness training for all U.S. government employees, and he has proposed a buildup of U.S. military offensive and defensive cyber capabilities that he said will deter foreign hackers.
The new report suggested that the government should remain the only organization responsible for responding to large-scale attacks by foreign countries.
Obama has a mixed legacy on cybersecurity.
Under Obama, hackers stole personal data from the U.S. Office of Personnel Management on more than 21 million current, former and prospective government employees, including details of security-clearance background investigations for federal agents, intelligence employees and others. The White House also failed in its efforts to convince Congress to pass a national law — similar to laws passed in some states — to require hacked companies to notify affected customers.
But the Obama administration also became more aggressive about publicly identifying foreign governments it accused of hacking U.S. victims, arrested some high-profile hackers overseas, successfully shut down some large networks of hacked computers used to attack online targets, enacted but never actually used economic sanctions against countries that hacked American targets and used a sophisticated new cyberweapon called Stuxnet against Iran's main nuclear enrichment facilities.
Copy of the report: