Report finds US government has made progress on cybersecurity, more work remains
The federal government has made “significant” progress on strengthening the United States against cyber threats over the past year, but more work remains, a congressionally-established bipartisan committee concluded in a report published Thursday.
The Cyberspace Solarium Commission (CSC) – a group composed of members of Congress, federal officials, and industry leaders – found in its 2021 implementation report that around three-quarters of its recommendations for defending the U.S. against cyber threats have been implemented since March 2020.
The CSC was charged by Congress with submitting recommendations for strengthening the nation’s cyber defense, with the CSC publishing 82 recommendations last year. Among those implemented include the creation of a national cyber director position at the White House, with Chris Inglis confirmed by the Senate to the position last month, and strengthening the Cybersecurity and Infrastructure Security Agency (CISA).
More than two dozen of the CSC’s recommendations were included in the most recent National Defense Authorization Act, most with bipartisan support.
But the report Thursday stressed that in the wake of a year of escalating attacks, such as the ransomware attacks on Colonial Pipeline and meat producer JBS USA, more remains to be done.
“We have seen a great deal of progress in implementing the original 82 recommendations from that report, as well as the recommendations we added in white papers along the way,” the CSC report reads. “But these changes are just beginning, and the threat remains every bit as real this year. As a country, we all—businesses, government, civil society, and individuals—need to act with more speed and agility when it comes to securing cyberspace.”
CSC co-chairs Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.) on Thursday discussed the findings of the annual report at a virtual CSC event. King stressed the need for Congress and the federal government to continue zeroing in on cybersecurity.
“The problem is more urgent than we thought, and we thought it was pretty urgent,” King said. “The threat just grows practically daily, and this job is not done, and it will never be done because the adversaries are coming up with new ways to attack us, and we’ve got to be able to adjust and reflect that real sense of urgency about this.”
“We need to put in place tools that help us assess our impact over the long run,” Gallagher said. “This is just the beginning of a process.”
Among the outstanding recommendations that the CSC intends to continue pushing for is moving forward legislation to elevate cybersecurity at the State Department, the implementation of a data security and privacy law, zeroing in on the concept of critical infrastructure, and other efforts to heighten cyber defense.
Commissioners – who also include Sen. Ben Sasse (R-Neb.), Rep. Jim Langevin (D-R.I.), and Inglis – are likely to meet with increased bipartisan support for further cybersecurity measures on Capitol Hill following the spike in major cyberattacks.
These have also included the SolarWinds hack, discovered in December, which allowed Russian government-linked hackers to compromise nine federal agencies, along with multiple attacks on hospitals and healthcare systems.
The Biden administration has taken a number of steps to heighten the nation’s cybersecurity, including President Biden signing an executive order in May to strengthen federal cybersecurity, and making cybersecurity a priority on the international stage.
King emphasized that while work remained, the CSC had been able to accomplish a huge amount already.
“This has been an extraordinarily successful project so far if we implement all of the recommendations that have now been put into law,” King said Thursday. “Our job now is to be sure that we keep after…all those others who are on the front lines and give them the support and the authorities that they need to protect the country.”
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..