Commission Finds U.S. Is Unprepared for Major Cyberattacks

The Cyberspace Solarium Commission released a report based on a months-long study that showed the U.S. government’s lack of ability to block cyber threats. The Commission lists 75 recommendations for major structural changes, including the creation of Congressional committees dedicated to cybersecurity and a White House-based national cybersecurity director to be confirmed by the Senate. The report is blunt in its assessment that the U.S. government’s current approach to cyberattacks is “fundamentally flawed.”

The Wall Street Journal reports that, according to the Commission, “the U.S. is currently not designed to act with the speed and agility necessary to defend the country in cyberspace,” especially with regards to “nation-state-sponsored intellectual property theft using cyber espionage.”

The Commission, “a Congressionally mandated body formed last year,” noted that its recommendations “may be difficult to achieve, even in the long term, given political hurdles and Washington’s tendency to stick to the status quo in the absence of crisis.” Senator Angus King (Independent-Maine) noted that, “this is the 9/11 Commission report without 9/11.”

The 182-page report states that, “successive presidential administrations have largely failed to deter Russia, China and other adversaries, including criminal groups, from carrying out increasingly debilitating cyberattacks … [and] outlined a three-tiered strategy of ‘layered cyber deterrence’ to reduce the consequences of cyberattacks.”

Those layers are “shaping acceptable international norms in cyberspace, denying benefits to adversaries seeking gain through cyber capabilities and imposing greater costs — including direct retaliation when necessary — on those who do.”

Other commissions that have made cybersecurity recommendations “typically haven’t involved current members of Congress or senior leadership from federal agencies,” whereas “four U.S. lawmakers are serving on the 14-member Cyberspace Solarium Commission, as well as senior national security officials, including Federal Bureau of Investigation director Chris Wray and Chris Inglis, former deputy director of the National Security Agency.”

The recommendations, “many of which would require an act of Congress,” include the creation of “permanent House select and Senate select committees on cybersecurity,” the development of a government “continuity of the economy planning,” a cybersecurity vulnerability assessment of nuclear control systems conducted by the Defense Department at the direction of Congress, a Congress-created assistant secretary of state with a new Bureau of Cybersecurity and Emerging Technologies, and a Congress-passed national data security and privacy protection law “standardizing requirements for the collection, retention and sharing of user data.”

The U.S. government is also encouraged to “promote digital literacy, civics education and public awareness.”