PCAST Releases Cybersecurity Report
Following its November meeting, the President’s Council of Advisers on Science and Technology (PCAST) released a letter report on cybersecurity. The report follows a classified briefing PCAST gave to the President back in February.
The report encourages that the federal government and the private sector avoid static procedures on cybersecurity and pursue “a set of processes that continuously couple information about an evolving threat to defensive reactions and responses.” To that end the report recommends industry-driven third-party audited continuous improvement processes. Transparent reporting would be an important part of these audited processes.
The report provides specific recommendations for the government and the private sector, as well as guidance about how the two sectors should interact about cybersecurity. It encourages the government to tidy its own house, and to encourage private sector cybersecurity practices through any realm of Federal regulation – not just national security. PCAST encourages the private sector to share information amongst themselves, and with the government as appropriate.
Since this is effectively the public version of a nine month old report, it’s hard to know what new actions will come from the document. It’s quite possible that the Administration is well on its way toward implementing some of these recommendations.