Bipartisan Commission Sounds Alarm on Cyber Insecurity
The bipartisan Cyberspace Solarium Commission today issued a call to action on cybersecurity. The commission issued a report sounding the alarm on the nation’s lack of security in cyberspace.
“The reality is that we are dangerously insecure in cyber. Your entire life—your paycheck, your health care, your electricity—increasingly relies on networks of digital devices that store, process and analyze data. These networks are vulnerable, if not already compromised,” Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wisconsin), co-chairs of the commission, write in a letter introducing the report.
“Our country has lost hundreds of billions of dollars to nation-state-sponsored intellectual property theft using cyber espionage. A major cyber attack on the nation’s critical infrastructure and economic system would create chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest and hurricanes in the Southeast,” they continue.
The report offers more than 75 recommendations, including: creation of a new executive branch cybersecurity strategy; reorganization of Congressional oversight committees; re-establishment of the Office of Technology Assessment, which was dissolved in 1995; reformation of government recruitment, training and education of the cyber workforce; and creation of an executive branch cyber national director (NCD).
“The NCD would not direct or manage day-to-day cybersecurity policy or the operations of any one federal agency, but instead will be responsible for the integration of cybersecurity policy and operations across the executive branch. Specifically, the NCD would (1) be the President’s principal advisor on cybersecurity and associated emerging technology issues and the lead national-level coordinator for cyber strategy and policy; (2) oversee and coordinate federal government activities to defend against adversary cyber operations inside the United States; (3) with concurrence from the National Security Advisor or the National Economic Advisor, would convene Cabinet-level or National Security Council (NSC) Principals Committee–level meetings and associated preparatory meetings; and (4) would provide budgetary review of designated agency cybersecurity budgets,” the report explains.
The commission also calls for the strengthening of several cyber-related organizations, including: the Cybersecurity and Infrastructure Security Agency, the Cyber Threat Intelligence Integration Center, and the FBI’s Cyber Mission and the National Cyber Investigative Joint Task.
“The FBI has a unique dual responsibility: to prevent harm to national security as the nation’s domestic intelligence agency and to enforce federal laws as the nation’s primary federal law enforcement agency. Both roles are essential to investigating and countering the cyber threat, and are critical in supporting whole-of-government campaigns supporting layered cyber deterrence,” the report explains.
The commission also recommends passing legislation and implementing policies aimed at recruiting and retaining a professional cyber workforce. “The challenge of achieving effective security and defense in cyberspace depends on people as much as it does on technology or policy. Today, the U.S. government suffers from a significant shortage in its cyber workforce. Across the public sector more broadly, one in three positions (more than 33,000) remains unfilled.162 These shortages are driven by a need for personnel that have specific cybersecurity skills and experience, but they are complicated by government hiring, training, and development pathways that are not well-suited to recruit and retain those personnel,” it says.
To read the full report, click here.
