WASHINGTON (AP) — A national commission was set Friday to deliver urgent recommendations to improve the nation's cybersecurity, weeks before President-elect Donald Trump takes office. The report follows the worst hacking of U.S. government systems in history and accusations by the Obama administration that Russia meddled in the U.S. presidential election by hacking Democrats.
The Presidential Commission on Enhancing National Cybersecurity spelled out actions the U.S. can take over the next five to 10 years.
The White House requested the report in February and intended it to serve as a transition memo for the next president. The commission included 12 of what the White House described as the brightest minds in business, academia, technology and security. It was led by Tom Donilon, Obama's former national security adviser.
The panel studied issues that included sharing information with private companies about cyber threats, the lack of talented American security engineers and distrust of the U.S. government by private businesses, especially in Silicon Valley. Classified documents stolen under Obama by Edward Snowden, a contractor for the National Security Agency, revealed government efforts to hack into the data pipelines used by U.S. companies to serve customers overseas.
One commissioner, Herbert Lin of Stanford University, said some senior information technology managers distrust the federal government as much as they distrust China, widely regarded as active hacking in the U.S.
White House spokesman Eric Schultz points to Obama's request for a 37 percent increase in cybersecurity resources for the 2017 budget year as evidence that the administration "has consistently made cybersecurity a top national security and economic security priority."
Congress declined to consider Obama's budget proposal.
Schultz wouldn't rule out the possibility of Obama acting on recommendations that can be implemented before he leaves office. "This isn't something the president plans to take his eye off the ball on," Schultz said.
It was not immediately clear whether Trump would accept this recent report, much less act on its recommendations.
Trump's presidential campaign benefited from embarrassing disclosures in hacked emails stolen from the Democratic National Committee, Hillary Clinton's campaign staff and others, and Trump openly invited Russian hackers to find and release tens of thousands of personal emails that Clinton had deleted from the private server she had used to conduct government business as secretary of state. He also disputed the Obama administration's conclusion that Russia was responsible for the Democratic hackings.
Trump is a prolific user of online social media services, especially Twitter, but he is rarely seen using a laptop or other computer. His campaign manager, Kellyanne Conway, tweeted a photograph Monday of Trump working on an Apple laptop inside his office at Trump Tower. Trump testified in a deposition in 2012 that he did not own a personal computer or smartphone and said his secretaries responded to all messages sent to his email address at the Trump Organization.
Trump has already promised his own study by a "Cyber Review Team" of people he said he will select from military, law enforcement and private sectors. He said his team will develop mandatory cyber awareness training for all U.S. government employees, and he has proposed a buildup of U.S. military offensive and defensive cyber capabilities that he said will deter foreign hackers.
President Barack Obama has a mixed legacy on cybersecurity.
Under Obama, hackers stole personal data from the U.S. Office of Personnel Management on more than 21 million current, former and prospective government employees, including details of security-clearance background investigations for federal agents, intelligence employees and others. The White House also failed in its efforts to convince Congress to pass a national law — similar to laws passed in some states — to require hacked companies to notify affected customers.
But the Obama administration also became more aggressive about publicly identifying foreign governments it accused of hacking U.S. victims, arrested some high-profile hackers overseas, successfully shut down some large networks of hacked computers used to attack online targets, enacted but never actually used economic sanctions against countries that hacked American targets and used a sophisticated new cyberweapon called Stuxnet against Iran's main nuclear enrichment facilities.