nexgov

While social media companies and digital networks are relatively new, the problems of information laundering and manipulation are not. Of course, verbatim application of 20th-century media policy won’t work for today’s digital environment; some of it didn’t work very well last century either. But its core concerns should be taken seriously and its principles—especially transparency, responsibility and structural design to promote news investment—can be adapted for the 21st century.

The next US president will face a cyber landscape of unparalleled complexity with little time or flexibility to bring it under control. Here are five high-level priorities that experts and former federal officials say should guide the next president.

Build a Real Cyber Strategy: Ideally, the next president should develop a series of big-picture cyber priorities clear enough the average citizen could predict his or her responses to some new challenge as reliably as she could to a new environmental challenge.
Create Playbooks: Even the best policy won’t provide perfect guidance for every situation, especially because cybersecurity, by its very nature, is bound up in numerous other issues ranging from national security and economic security to personal privacy and online innovation.
Build Cyber Norms: The government has endorsed a handful of norms for how nations ought to act in cyberspace, including several promulgated by a United Nations group of government experts. The scope of cyber threats has shifted so rapidly, however, the U.S. often seems to be left deciding what’s out of bounds after it’s happened rather than before.
Choose Priorities: One thing that’s delayed progress in defensive cybersecurity has been taking on too much at once.
Shift Focus to the Private Sector: Finally, the next president should figure out ways to better incentivize the private sector to improve its own security.

The White House's first chief information security officer has ambitious plans to shore up government cybersecurity, including elaborate educational campaigns for employees and ensuring investments in data protection are proportional to the value of that data. In one of his first public appearances since his appointment in Sept, Gregory Touhill said his approach to cybersecurity was multipronged with separate goals for hiring cyber talent; educating federal workers about cyber hygiene; and encouraging agencies to treat information as an "asset" by considering whether it's worth it to invest in high-tech protections for low-value data sets.

"We focus too much on the technology and the keyboard stuff," he said. "Protecting information could be as simple as not discussing certain information over the phone, guarding the paperwork that you provide, shredding information that appropriately needs to be disposed of." In 2017, his team plans to come up with new ways to "educate and train and hopefully entertain our workforce, to help them better understand both the 'why' as well as the 'how' of cybersecurity," Touhill said. Annual reviews of computer programs, he added, won't be enough to ensure proper cyber protection. In the near term, the administration plans to launch Cyber.gov, a repository for information about cybersecurity-related goals and strategies, in the next couple of weeks. A group of federal CISOs will have their first meeting Oct 28; Touhill is also considering setting up a volunteer CISO advisory council.