The incoming administration of President-elect Donald Trump should be guided by two principles when it comes to cyber security: making sure there are consequences for foreign entities that hack United States networks and providing incentives for U.S. entities to better secure their networks, says a new bipartisan report released on Wednesday.
There remains “boundless opportunity” for cyber attackers and “creation of consequences for cyber crime, espionage, and cyber attack and making these consequences clear to malicious actors is the most effective ways to reduce cyber risk (especially if done in partnerships with like-minded nations),” says the report, From Awareness to Action: A Cybersecurity Agenda for the 45th President. “Since risk cannot be completely eliminated, better cybersecurity also requires holding key critical infrastructures to high standards while incentivizing basic improvements in the general population of online actors.”
The report was issued the Cyber Policy Task Force at the Center for Strategic and International Studies and co-chaired by Rep. Michael McCaul (R-Texas) and Sen. Sheldon Whitehouse (D-R.I.).
The report says the Obama administration underestimated how “spontaneously” the private sector would respond to creating cyber security solutions and therefore government wouldn’t need to be as heavily involved. There are no near-term technological solutions and the government was slow to issue executive actions, it says.
Another shortcoming has been the administration’s installation of White House-level executives such as a chief technology officer and chief information security officer who in the end are “only ornamental” and aren’t equipped to manage complex federal bureaucracies, where decision making “is more collective, shaped by external pressures both bureaucratic and political, and rife with assorted strictures on resources and personnel.”
The recommendation for consequences against foreign cyber hackers comes amid skepticism by Trump that the U.S. intelligence community can adequately attribute the sources of cyber attacks. Sean Spicer, Trump’s spokesman, said on a media call on Wednesday that Trump isn’t very confident in the conclusions of the intelligence community as they pertain to the raw intelligence data of alleged Russian hacks of Democratic organizations during the presidential campaign. He said Trump does have more confidence in the raw data.
The task force issued a report eight years ago following the election of Barack Obama to be president. The new report says the cyber security strategy goals are the same, “to create a secure and stable digital environment that supports continued economic growth while protecting personal freedoms and national security.” It says networks remain inherently vulnerable and that “some countries refuse to cooperate in prosecuting cybercriminals.”
One of the goals is to ensure the role of the Department of Homeland Security (DHS) in defending cyber space is clarified and that either DHS’ role here needs to be strengthened or a new cyber security agency needs to be created.