More than a year after the Cyberspace Solarium Committee recommended more than 80 policy measures to strengthen US cybersecurity, the US government has codified only 27 of them into law.
The organization hopes to change this situation this year, and cybersecurity experts agree that the time has come. According to a commissioner and two external experts, important recommendations to be advanced in 2021 include national data protection legislation, federal reporting requirements, and the establishment of a bureau of cyber statistics.
Paul Rosenzweig, a senior cybersecurity researcher at the conservative public policy organization R Street Institute, speaking at the RSA Conference on the outstanding priorities of the Cyberspace Solarium Committee (CSC), said that the US government's lack of a clear understanding of cyber threats, or of how often public and private entities are affected, needs to be resolved quickly.
He told attendees at the virtual conference: “It is incredible that 15 years after this cybersecurity crisis, we still don’t have an operational chart about the frequency and types of violations in the United States.” “If there is no comprehensive picture, we will never be able to understand what’s actually happening in the local area.”
A series of major cyber incidents has raised cybersecurity in the national consciousness. In December last year, security companies and the US government revealed that the remote management company SolarWinds had been compromised and its software was used to harm thousands of other companies. In early May, attackers associated with Russia used ransomware to attack the oil and gas transportation network Colonial Pipeline, forcing the company to shut down and causing a gas shortage in the southeastern United States.
“For many years, cyber security has been an unstable and abstract issue for most Americans,” CSC Co-Chairs Senator Angus King Jr. (I-ME) and Representative Michael J. Gallagher (R-WI) said in a tweet on May 28. “No more…because more and more of us have moved from [Colonial Pipeline] The cyber risk of attacking our country is greater than ever.”
The Cyberspace Solarium Committee was established in August 2018 and convened a non-partisan group of legislators and experts to propose policy changes to improve the U.S. cyber posture and self-defense capabilities. On March 11, 2020, CSC announced the results of the survey, recommending that the U.S. government take more than 80 measures to develop overlapping policies for cyber resilience and cyber deterrence. As part of the National Defense Authorization Act (NDAA) passed in 2020, more than two dozen proposals were codified into law.
Although other laws passed since then contain two more recommendations, the organization’s focus this year is to advance 30 major recommendations and to ensure that the implementation of federal legislation already passed fulfills the promise of cybersecurity.
“The old adage is ‘policy without resources is empty talk’, so we need to make sure that we also fund some of these initiatives,” Frank Cilluffo, CSC commissioner and director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, said during the RSA Conference. “The Internet goes far beyond national security, so we need to ensure that there are other congressional tools, committees, and other methods that can implement other recommendations and regulations.”
In January, CSC released a white paper that listed 15 priorities for the Biden administration, including the establishment of the National Cyber Director’s Office and the release of the National Cyber Security Strategy. Biden created the office, nominated Chris Inglis as the National Cyber Director, and issued executive orders to strengthen national cybersecurity.
However, many other priorities remain, including the Cyber Emergency Response Fund to help public agencies survive cyberattacks; the Cyber Diplomacy Act, which promotes State Department leadership in cyber policy discussions with other countries; cyber response funds (such as the National Disaster Fund); a supply chain intelligence center to work with the private sector; and a national security investment company to fund early research on national priorities.
Tom Corcoran, head of cybersecurity at Farmers Insurance Group, said that for the private sector, federal privacy and data protection statutes should be a priority. He said that a single law will promote fair competition and make incident response faster.
“Companies operating in the United States must analyze the requirements of the 50 states every time they encounter problems,” he said. “National laws will definitely make the company’s life easier.”
Finally, one of the main priorities is the Joint Collaboration Environment (JCE), where the private sector and public institutions can share information about attacks and respond more quickly. However, it still takes time to solve the information sharing problem, CSC’s Cilluffo said.
“There is a reason why we haven’t answered this question for a while: it’s not easy,” he said. “We need to make sure that we solve a series of issues, including privacy. These issues are very complicated. We can’t continue to bet in the second round. We have been playing on this road for too long.”