Progress Being Made Fortifying US Cyber Defenses
Nearly 75 percent of the Cyberspace Solarium Commission's federal recommendations have been implemented or are on track to being implemented.
When it comes to cybersecurity and bolstering the country’s cyber resilience, the United States has made an valiant effort over the last year but there's still work to do.
That's the general takeaway of a new report issued today by the United States Cyberspace Solarium Commission, following up the CSC's 2020 report.
In that first report, the group made a series of recommendations – 82 in total – for the U.S. to implement in order to better respond to cybersecurity threats. It urged the government to reform to better keep up with emerging cybersecurity challenges, called for more collaboration with the private sector, and stressed the need for a layered cyber deterrence strategy.
This week's report says nearly 50% of its recommendations are on track to being implemented and that almost a quarter of the recommendations have already been implemented.
One of the biggest achievements so far, satisfying one of the report’s key recommendations, appears to be the nomination and confirmation of a National Cyber Director; Chris Inglis was sworn in back in July after the Senate confirmed him in June.
Other recommendations are works in progress; the report notes that the FY21 National Defense Authorization Act, which sets funding levels and outlines policy priorities for the U.S. Department of Defense (DOD) should help the country make some strides. The most recent national defense authorization bill has provisions to strengthen the Cybersecurity and Infrastructure Security Agency, codify Sector Risk Management Agencies, establish a Continuity of the Economy plan, establish a Joint Cyber Planning Office, and require a force structure assessment of the Cyber Mission Force – all CSC recommendations.
Some of the report's remaining priorities include establishing a Joint Collaborative Environment, a Cyber Diplomacy Act, a House Permanent Select and Senate Select Committee on Cybersecurity and a National Data Security and Privacy Protection Law.
The data security law in particular could prove to be a tough hurdle for the government to overcome, at least in the near future, especially with a patchwork of state-specific laws already in place across the country and companies continuing to push back against the concept. The report says efforts around such a law "have met resistance and are unlikely to move forward in the near future."
While the numbers portend progress, the report's authors, CSC co-chairs Senator Angus King (I-Maine) and Representative Mike Gallagher (R-Wisconsin) downplay the country's success so far.
"Real success is protecting national critical infrastructure from malicious cyber activity. We believe that these recommendations will help the country achieve that success, but we are under no illusions that the work ends when a recommendation becomes law or an executive order incorporates a Commission priority," the pair write in the report's executive summary.
King and Gallagher give an example, the appointment of Inglis and point out that while his appointment is a success in implementation of the recommendation, the successful impact will be how future presidents choose to empower and employ the director.
For those interested, the report breaks down the 82 recommendations - separated into six pillars - and frames how the U.S. has fared so far. For the recommendations that have yet to be implemented, most of the barriers require either executive action or appropriations.