Fed report castigates U.S. ability to fend
off a cyberattack, suggests major reforms
The
Cyberspace Solarium Commission issued a 182-page report stating the United
States in dangerously insecure when it comes to defending itself from a
cyberattack and offered a litany of recommendations to shore up the nation’s
defenses.
The Commission,
headed by Sens. Angus King, I-Me., and Mike Gallagher, R-Wisc., stated the
executive branch should issue an updated National Cyber Strategy, establish
House Permanent Select and Senate Select Committees on Cybersecurity, establish
a Senate-confirmed National Cyber Director, strengthen
the Cybersecurity and Infrastructure Security Agency (CISA) and implement
policies designed to better recruit, develop and retain cyber talent.
“The United States now operates in a cyber landscape that
requires a level of data security, resilience, and trustworthiness that neither
the U.S. government nor the private sector alone is currently equipped to
provide. Moreover, shortfalls in agility, technical expertise, and unity of
effort, both within the U.S. government and between the public and private
sectors, are growing,” the senators said in their executive
summary.
To rectify these issues the report lists five strategic
steps its writers believe need to be taken to push the country in the right
direction.
The first is to establish a credible level of deterrence by
being willing and able to use a level of retaliatory force commensurate with any
cyberattack suffered
“The federal government and the private sector must defend
themselves and strike back with speed and agility. This is difficult because
the government is not optimized to be quick or agile, but we simply must be
faster than our adversaries in order to prevent them from destroying our
networks and, by extension, our way of life,” the report stated.
The next recommendation centers on creating a Continuity of
the Economy plan similar to those created during the Cold War to help the
nation recover from a physical attack, but in this case one designed to rapidly
restore critical functions across corporations and industry sectors to get the economy
back up and running after a catastrophic cyberattack.
In order to institute these steps, the report stated the
government itself must be reformed. This would include elevating and empowering
CISA
and create new focal points for coordinating cybersecurity
in the executive branch and Congress. The position of National Cyber Director should
be created with oversight from a new Cybersecurity Commission.
The private sector will also be expected to due its part.
Considering most of the nation’s critical infrastructure is privately owned
these entities some regulations should be instituted.
“We do not want to saddle the private sector with onerous
and counterproductive regulations, nor do we want to force companies to hand
over their data to the federal government. But we need C-suite executives to
take cyber seriously since they are on the front lines. With support from the
federal government, private-sector entities must be able to act with speed and
agility to stop cyberattackers from breaking out in their networks and the
larger array of networks on which the nation relies,” the report said.
Finally, the report noted election security must be a
priority. If we don’t get election security right, deterrence will fail and
future generations will look back with longing and regret on the once powerful
American Republic and wonder how we screwed the whole thing up, King and
Gallagher said.
Tom Gann, chief public policy officer at McAfee, said in a
statement the Solarium Commission rightly notes that turning the tide on cyberthreats
must involve federal, state, local and tribal governments as well as industry,
academia and individuals.
“We applaud the Commission for calling for a common and
interoperable environment for sharing and fusing threat information, insights, and other
relevant data across the federal government and between the public and private
sectors. This interoperability must also extend to cybersecurity tools, which
today often function in silos,” he said.
