Some members and staff of President Obama’s Commission on Enhancing National Cybersecurity are seeking to advance the commission’s goals through a nonprofit that will provide cyber risk-management best practices for small and medium-sized businesses, according to an announcement Wednesday.
The Cyber Readiness Institute was launched to help the private sector “better address cybersecurity risk management across value chains, with a particular emphasis on support for small and medium-sized enterprises,” according to the announcement.
The four co-chairs of the institute are former IBM CEO and commission Deputy Chairman Sam Palmisano; commission member and MasterCard CEO Ajay Banga; Microsoft CEO Satya Nadella, who took over from commission member and Microsoft Vice President Peter Lee; and Penny Pritzker, who as Obama’s secretary of Commerce stood the commission up.
It will be run by commission Executive Director Kiersten Todt. “The commission was the launching pad and the foundation stone” for the institute, she told CyberScoop. She said she’d had conversations with Palmisano about carrying on the commission’s work and “not wanting it to end with the report” that the commission produced at the end of the Obama administration.
“One of the key issues from the commission, especially on the private sector side, was securing the value chain, particularly for small and medium sized enterprises,” she said. The value chain is a concept used by business theorists to illuminate the interdependencies of any business.
“The value chain concept looks at the production and delivery of goods as a system, not just as a list of entities like a supply chain … It’s a more comprehensive view,” Todt said.
For the remainder of the summer and the early fall, Todt said, the institute would focus on recruiting CEOs, aiming for a first meeting in October. “The CEOs will meet twice a year,” she said, adding that each would nominate their “top cyber [subject matter expert]” to represent them on a working group that would meet every other month.
The institute aimed to produce content and software tools that were “actually accessible to non-experts” and that could provide “practical … tangible” help to small and medium businesses trying to figure out how to manage their cybersecurity risk, Todt added.
The institute will measure its impact by how good the tools are, how widely deployed they are and what their impact is, she said.