A presidential cybersecurity commission is expected to produce a first draft of its findings in just over a month, and is asking the business community and others for input on how to tackle the most important cybersecurity challenges that will confront the next administration.
That's an extremely short turnaround time for industry groups to craft responses to a so-called request for information (RFI) from the government, which was published on Aug. 10 in the Federal Register.
The timing raises questions on whether this panel — hand-picked by the White House — actually intends to consider what it receives from business groups and cyberpolicy experts as it shapes recommendations due to be released on Dec. 1.
Some sources even suggest the commission itself is little more than a venue to bring a group of cyberpolicy notables up to speed on the issues of the day in preparation for future roles in a Hillary Clinton administration.
But many business leaders who deal with cyberpolicy are putting aside any such suspicions and view the opportunity to provide comment as, in fact, a real opportunity to influence decisions on cybersecurity strategy going forward.
The request for information put out by the Commission on Enhancing National Cybersecurity included such broad, open-ended questions that it could be viewed as little more than a primer for a cybersecurity 101 course.
The RFI asks stakeholders to address a top-10 list of general cybersecurity topics including critical infrastructure cybersecurity, cyberinsurance, workforce issues, the Internet of things and state and local issues.
Within those, it wants to know about trends, what should be done over one-two years and what should be done over a longer horizon.
And it asks about emerging technologies, the need for incentives to motivate businesses to improve cybersecurity and possible performance measures.
The document is a very high-level swipe at cyberpolicy challenges, but the very vagueness of the questions is seen as a strength by some astute industry leaders.
"It's encouraging that the RFI makes several references to the need for partnerships," said one industry source who has worked on several government-private sector collaborative initiatives in recent years.
"If that's the foundational principle, the value proposition for industry is significant," the source said. "It signals to the next administration that this is important and it's working."
The questions in the RFI, the source noted, are so broad "they cover everything that's been discussed on cyber over the past 10 years."
But, the source said, "we'll zero in on our priorities and offer very specific recommendations. The core to us is to continue and expand the partnership model."
Many industry groups will submit comments, the source predicted, while saying most would probably pick off the issues they want to emphasize and craft a message for the next administration around their key priorities.
The commission is off to Minneapolis for a public meeting on Aug. 23 that will focus on cybersecurity issues facing consumers, then meets in Washington, D.C., in September to discuss its first draft of findings.
Then comes a sprint toward completion and release of the report in December — and the first signs of whether the incoming administration will heed any of its recommendations.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of "Hacked: The Inside Story of America's Struggle to Secure Cyberspace," published by Rowman and Littlefield.