A bipartisan commission on Wednesday released a landmark report detailing the U.S. government’s lagging structural approach to cyber deterrence and establishing steps for a new national cyber strategy, including bolstering the Cybersecurity and Infrastructure Security Agency (CISA).
Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), co-chairs of the Cyberspace Solarium Commission, said they are already working on drafting legislation based on the 75 recommendations included in their report.
“The U.S. government is currently not designed to act with the speed and agility necessary to defend the country in cyberspace. We must get faster and smarter, improving the government’s ability to organize concurrent, continuous, and collaborative efforts to build resilience, respond to cyber threats, and preserve military options that signal a capability and willingness to impose costs on adversaries,” the commission writes in the report.
The Cyberspace Solarium Commission, established in the FY ’19 NDAA and made up of members from federal agencies, Congress and the private sector, spent a year on the report, holding 50 total meetings and conducting over 300 interviews, according to King.
King has said the report and its recommendations are similar to “having a 9/11 commission report before 9/11 happens.”
The new strategy detailed in the report is based around a concept of “layered cyber deterrence,” to include establishing norms for cyberspace behavior, denying benefits to adversaries and imposing tougher costs on malicious actors.
The report’s first recommendation calls for an updated National Cyber Strategy “that reflects the strategic approach of layered cyber deterrence and emphasizes resilience, public-private collaboration, and defend forward as key elements,” and follows by calling on Congress to establish House and Senate Select Committees on Cybersecurity and the creation of a Senate-confirmed National Cyber Director position to work in the White House.
CISA, the Department of Homeland Security’s cyber agency, is a focus of the report with recommendations to strengthen the office by denoting it as “the central coordinating element to support and integrate federal, state and local, and private-sector cybersecurity efforts.”
The commission also calls on the White House to “strengthen a public-private, integrated cyber center in CISA” for critical infrastructure security efforts and establish a Joint Cyber Planning Cell within CISA “to coordinate cybersecurity planning and readiness across the federal government and between the public and private sectors.”
For the Pentagon, the report says Congress must direct DoD to conduct a force structure assessment of Cyber Command’s Cyber Mission Forces to ensure they have the necessary capabilities for its growing mission set.
The report also calls on the Pentagon to conduct a cyber security vulnerability assessment of “all segments of the nuclear control systems and continually assess weapon systems’ cyber vulnerabilities” and asks Congress to require defense industrial base participation in threat intelligence sharing programs and threat hunting on DIB networks.
“The Solarium’s recommendations to form and implement a cohesive national strategy towards defending cyberspace is critical to mitigate these cyber threats,” Rep. John Katko (R-N.Y.), Cybersecurity, Infrastructure Protection and Innovation Subcommittee ranking member, said in a statement following the report’s release. “I will work tirelessly and across the aisle to implement these recommendations and get them to the president’s desk so that America is secure from and resilient to any cyber attacks by our adversaries, criminal organizations, or hackers. The status quo is no longer acceptable, and it needs to change now. These recommendations are a good first step.”