The report, led by National Security Cyber-Security ChiefMelissa Hathaway, was prompted by a 60-day cyber-space policy review ordered by President Barack Obama. The president said Friday he will appoint a cyber-security official and new office that will coordinate the nation's cyber-security policy, a recommendation of the review team.
The report also suggests updating the national strategy for cyber-security and incident response, implementing a national education campaign about cyber-threats, and building an identity management vision for the country, among several other goals.
Gopal Khanna, the CIO of Minnesota and the president of the National Association of State Chief Information Officers, said Friday the report is a "giant step" in the national conversation about cyber-security threats.
"State CIOs have been talking for the longest about the need for cyber-security readiness in a much larger way, so for us it's heartening to see this report because now it has grabbed some national attention, and will grab the attention of the president, obviously, and governors and lawmakers all across the country. The state CIOs have been on the front end of this conversation for several years now," Khanna said.
Khanna pointed to the fact that Minnesota, for example, is currently implementing a five-year cyber-security plan under the direction of state chief information security officer Chris Buse. Khanna also applauded the leadership of Will Pelgrin, New York state's chief information security officer, who leads the multistate Information Sharing and Analysis Center.
The White House's commitment to working to improve computer security may signal that more resources -- that is, funds -- will trickle down to state and local government in future years, Khanna said.
In remarks Friday, Obama said cyber-security became an issue for his presidential campaign -- hackers were able to access e-mails and travel itineraries. And millions of Americans are victimized; cyber-crime has cost Americans more than $8 billion the past two years, Obama said.
He said in the future the federal government will coordinate with all levels of government and the private sector when a cyber-incident occurs.
"Given the enormous damage that can be caused by even a single cyber-attack, ad hoc responses will not do. Nor is it sufficient to simply strengthen our defenses after incidents or attacks occur. Just as we do for natural disasters, we have to have plans and resources in place beforehand -- sharing information, issuing warnings and ensuring a coordinated response," Obama said.
The president said security standards and the development of new technologies would remain in the hands of the public sector, where it's always been.