As elections loom, key US cyber policy goals still unfinished, Cyber Solarium report says
Incomplete tasks include creating a cyber national guard system, a real-time cyber threat sharing platform, and a national plan for restoring economic functions after a cyber disaster.
An influential cybersecurity policy body says that the federal government has implemented more of its recommendations in the past year but that several hard-hitting items still need completion to better protect the U.S. from nation-state hackers and cybercriminals.
According to the Cyberspace Solarium Commission 2.0 — a continuation of the recommendation body chartered by Congress in 2019 to help guide American cybersecurity policymaking — those objectives include establishing a consistent cybersecurity national guard system, codifying a real-time cyber threat sharing platform for government agencies and creating a nation-wide plan to restore critical economic functions in the event of a cyber disaster.
Another incomplete high-priority item is establishing “benefits and burdens” for systemically important entities that, if disrupted, would create significant negative impact on national security, economic activity or public health and safety if they were to malfunction or be sabotaged.
The recommendations in the annual report from CSC 2.0, stood up in late 2021 after the initial CSC mandate sunset, are aimed at cyber officials in the next presidential administration, with the U.S. guaranteed a presidential transition after President Joe Biden this summer decided to not run for a second term.
“Some of our most important [objectives] are still not done,” said Mark Montgomery, who directs CSC 2.0 with the Foundation for Defense of Democracies think tank, where the body is now housed. Montgomery said he’s been contacted by the Harris and Trump campaign’s presidential transition teams, who asked about ideas the group has put forward.
“Even though we’re at 80% moving along, three or four of our most important ones out of the top 10 are not done,” he said in a call with reporters to preview the findings.
Since last year, there’s been a 10% increase in the implementation or near-implementation of the initial CSC March 2020 recommendations, said Jiwon Ma, a senior policy analyst at FDD’s Center on Cyber and Technology Innovation who helped craft the report.
Of the 82 initial recommendations, almost 80% are either fully implemented or close to it, with an additional 12% making steady progress, she added. This trend is consistent across all 116 recommendations, including those from later recommendation papers, with 80% implemented or nearing completion and another 14% on track for completion.
CSC has been deemed a major force behind contemporary U.S. cyber policy decisions. Members of Congress in the original commission — which included then Reps. Jim Langevin, D-R.I. and Mike Gallagher, R-Wis., as well as Sen. Angus King, I-Maine — formed the backbone that created the Office of the National Cyber Director, which has helped the federal government meet various cyber priorities outlined in a sweeping strategy it unveiled last year.
One area that’s yet to be fulfilled is the creation of House and Senate select committees on cybersecurity, the report says. It’s been an inconsistent miss each year the CSC’s findings have been produced, and Montgomery said that it likely won’t move anywhere soon because there’s no motivation in either chamber or political party to do so.
“We’d have to have a dramatic ‘cyber 9/11’ event where the burning ember of blame is pointed at least partially at Congress for not doing proper oversight,” he added. “That is the only way you would get a provision like that passed.”