The U.S. government lacks a centralized infrastructure and modernized approach to nullify cybersecurity threats posed by foreign adversaries, a new federal report said.
The report was produced by the bi-partisan Cyberspace Solarium Commission, formed last year and composed of Congressional members, former government officials and private sector executives tasked with forming a strategy to defend the nation against cyber attacks. The commission previewed the report last week.
What awaits an encumbered federal bureaucracy and outdated strategies is an oncoming cyber disaster, the report said. Among its 75 recommendations are calls for a new national cyber director who would function as the president’s chief cybersecurity advisor; a Department of Defense conducted assessment of the nation’s vulnerability to hacks of its nuclear control systems; and, a new Bureau of Cybersecurity and Emerging Technologies run by an assistant secretary of state tasked with developing and reinforcing “international norms” in cyberspace.
“The reality is that we are dangerously insecure in cyber,” the report’s authors, Sen. Angus King (I-ME) and Rep. Mike Gallagher (R-WI), wrote. “Your entire life—your paycheck, your health care, your electricity—increasingly relies on networks of digital devices that store, process, and analyze data. These networks are vulnerable, if not already compromised. Our country has lost hundreds of billions of dollars to nation-state-sponsored intellectual property theft using cyber espionage." In the commission's view, so extensive is the potential for cyber-inflicted damage that the report compared an inadequate U.S. cyber defense system to the “chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest, and hurricanes in the Southeast.”
The Commission's recommendations include:
- Congress should create House permanent select and Senate select committees on cybersecurity “to provide integrated oversight of the cybersecurity efforts dispersed across the federal government.”
- The U.S. government should develop and maintain a continuity of the economy planning to ensure critical functions of the economy continue operating in the event of a significant cyber disruption.
- Congress should pass a law establishing a new Senate-confirmed national cyber director who would work in the Executive Office of the President and function as the president’s chief cybersecurity adviser.
- The Defense Department, at the direction of Congress, should conduct a cybersecurity vulnerability assessment of nuclear control systems.
- Congress should create an assistant secretary of state, with a new Bureau of Cybersecurity and Emerging Technologies, who will lead efforts to “develop and reinforce international norms in cyberspace.”
- Congress should pass a national data security and privacy protection law standardizing requirements for the collection, retention and sharing of user data.
- The U.S. government should promote digital literacy, civics education and public awareness to “build societal resilience to foreign, malign cyber-enabled information operations.”
Although the nation’s cybersecurity leaders have banked on deterrence and threatened sanctions to discourage cyber offensives, for the most part that strategy has not succeeded in batting away China’s and Russia’s forays. “Today most cyber actors feel undeterred, if not emboldened, to target our personal data and public infrastructure,” the report said. “In other words, through our inability or unwillingness to identify and punish our cyber adversaries, we are signaling that interfering in American elections or stealing billions in U.S. intellectual property is acceptable. The federal government and the private sector must defend themselves and strike back with speed and agility.”
The commission is the offspring of the 2019 National Defense Authorization Act (NDAA), named after a Cold War Era initiative during the Eisenhower administration called the Solarium Project. In addition to King and Gallagher, its membership includes FBI Director Christopher Wray, Deputy Secretary of Defense David Norquist, Sen. Ben Sasse (R-NE), Rep. James Langevin (D-RI), and former Deputy Director of the National Security Agency Chris Inglis.
