SecurityFocus 2008-12-08
The commission aimed to change the lackluster presidential support.
The report recommended that the Obama administration create a comprehensive strategy for cyberspace, declaring that it "is a vital national asset that the United States will protect using all instruments of national power." While such an effort starts with international diplomacy, the United States also needs to create the framework — or "doctrine" — to support military attacks through cyberspace, the report stated. Economic policy as well as intelligence and law-enforcement agencies round out the tools that the U.S. could bring to bear.
The commission also called for the administration to establish a cybersecurity directorate within the National Security Council and the position of Assistant to the President for Cyberspace to create a strategy and advise the president. The post would be part of the National Office for Cyberspace, a group that would follow an approach similar to nuclear non-proliferation efforts, coordinating between agencies whose responsibilities directly impact cybersecurity.
"The post is a recognition that the operational stuff at the Department of Homeland Security is fine, but you need to have a strategic view, which is what the White House does," said Marcus Sachs, executive director for government affairs at Verizon Communications and a commission member. "That is one of the key things that we think is missing: Treating cyberspace like a part of the essence of the country, the same as transportation, the military and the economy."
Among its other recommendations, the commission called for better authentication for access to critical infrastructure. The federal government has already embarked on the use of strong identification documents — such as the Common Access Card — for physical access to sensitive installations. The same type of requirements should also apply to logical access to sensitive computers and control systems, said Lewis.
"The control system of an electrical power facility, that should require strong authentication," he said. "But if you are accessing a monitoring device, then perhaps not."
The commission also called for revamping current regulations to create more incentive for the operators of critical infrastructure to secure their systems. While the report concurred that the regulation of the Internet is a contentious issue, abandoning the development of defense to market forces has left the United States with scattershot protection. If the government adopts an approach similar to its Y2K initiatives — education and government leadership backed by regulations that force companies to disclose the steps taken to mitigate the problem — the policy could be much more effective, the report stated.
Another approach could be to use the coming stimulus efforts to also require that companies invest in security, said Amit Yoran, CEO of NetWitness and a member of the commission.
"One of the challenges is that many industries have not been good in securing their systems," Yoran said. "In this economic environment, it is entirely possible as you look at incentive programs and the stimulus, because there are a wide variety of ways to alter or improve behavior."
