Critical Infrastructure Security, Threat Management

Fed report castigates U.S. ability to fend off a cyberattack, suggests major reforms


Fed report castigates U.S. ability to fend off a cyberattack, suggests major reforms

The Cyberspace Solarium Commission issued a 182-page report stating the United States in dangerously insecure when it comes to defending itself from a cyberattack and offered a litany of recommendations to shore up the nation’s defenses.

The Commission, headed by Sens. Angus King, I-Me., and Mike Gallagher, R-Wisc., stated the executive branch should issue an updated National Cyber Strategy, establish House Permanent Select and Senate Select Committees on Cybersecurity, establish a Senate-confirmed National Cyber Director, strengthen the Cybersecurity and Infrastructure Security Agency (CISA) and implement policies designed to better recruit, develop and retain cyber talent.

“The United States now operates in a cyber landscape that requires a level of data security, resilience, and trustworthiness that neither the U.S. government nor the private sector alone is currently equipped to provide. Moreover, shortfalls in agility, technical expertise, and unity of effort, both within the U.S. government and between the public and private sectors, are growing,” the senators said in their executive summary.

To rectify these issues the report lists five strategic steps its writers believe need to be taken to push the country in the right direction.

The first is to establish a credible level of deterrence by being willing and able to use a level of retaliatory force commensurate with any cyberattack suffered

“The federal government and the private sector must defend themselves and strike back with speed and agility. This is difficult because the government is not optimized to be quick or agile, but we simply must be faster than our adversaries in order to prevent them from destroying our networks and, by extension, our way of life,” the report stated.

The next recommendation centers on creating a Continuity of the Economy plan similar to those created during the Cold War to help the nation recover from a physical attack, but in this case one designed to rapidly restore critical functions across corporations and industry sectors to get the economy back up and running after a catastrophic cyberattack.

In order to institute these steps, the report stated the government itself must be reformed. This would include elevating and empowering CISA and create new focal points for coordinating cybersecurity in the executive branch and Congress. The position of National Cyber Director should be created with oversight from a new Cybersecurity Commission.

The private sector will also be expected to due its part. Considering most of the nation’s critical infrastructure is privately owned these entities some regulations should be instituted.

“We do not want to saddle the private sector with onerous and counterproductive regulations, nor do we want to force companies to hand over their data to the federal government. But we need C-suite executives to take cyber seriously since they are on the front lines. With support from the federal government, private-sector entities must be able to act with speed and agility to stop cyberattackers from breaking out in their networks and the larger array of networks on which the nation relies,” the report said.

Finally, the report noted election security must be a priority. If we don’t get election security right, deterrence will fail and future generations will look back with longing and regret on the once powerful American Republic and wonder how we screwed the whole thing up, King and Gallagher said.

Tom Gann, chief public policy officer at McAfee, said in a statement the Solarium Commission rightly notes that turning the tide on cyberthreats must involve federal, state, local and tribal governments as well as industry, academia and individuals.

“We applaud the Commission for calling for a common and interoperable environment for sharing and fusing  threat information, insights, and other relevant data across the federal government and between the public and private sectors. This interoperability must also extend to cybersecurity tools, which today often function in silos,” he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.