Lawmakers close to finalizing federal strategy to defend against cyberattacks

Lawmakers close to finalizing federal strategy to defend against cyberattacks
© Getty Images

A federal strategy for defending the U.S. government against cyberattacks is one step closer to completion, with lawmakers saying they have a draft form that could be finalized as early as March.

The report has been in the works since 2018 after the National Defense Authorization Act created a commission, consisting of lawmakers and industry leaders, to draw up recommendations.

Rep. Mike GallagherMichael (Mike) John GallagherCongress has a shot at correcting Trump's central mistake on cybersecurity Cheney battle raises questions about House GOP's future House-passed defense spending bill includes provision establishing White House cyber czar MORE (R-Wis.), co-chairman of the commission, told The Hill that the commission had recently put together a draft version.

ADVERTISEMENT

“Over the holiday we will have a few weeks to dig into the draft text, and there are a few issues we are working through, but we feel good,” Gallagher said on Dec. 19. “We had a meeting this week, an additional meeting, and it was a really robust debate, and so I think we’re getting there.”

The 2020 National Defense Authorization Act, signed into law by President TrumpDonald John TrumpNew Bob Woodward book will include details of 25 personal letters between Trump and Kim Jong Un On The Money: Pelosi, Mnuchin talk but make no progress on ending stalemate | Trump grabs 'third rail' of politics with payroll tax pause | Trump uses racist tropes to pitch fair housing repeal to 'suburban housewife' Biden commemorates anniversary of Charlottesville 'Unite the Right' rally: 'We are in a battle for the soul of our nation' MORE last month, extended the initial deadline for the commission to produce the report to April 30.

Rep. Jim LangevinJames (Jim) R. LangevinCongress has a shot at correcting Trump's central mistake on cybersecurity House-passed defense spending bill includes provision establishing White House cyber czar Overnight Defense: Space Force chooses 2,410 airmen to join ranks | Fire aboard Navy ship extinguished | Congress backs push for national cyber czar MORE (D-R.I.), another member of the commission, told The Hill that the commission would likely publish the report before the new deadline.

“We will get our work done certainly before then. It could well be as early as March,” Langevin said on Dec. 19. “We are coming to a place where we can see the light at the end of the tunnel.”

“I like the direction we are heading in right now. It’s going to be a very overarching document on how best to protect the country in cyberspace,” Langevin said, adding that the recommendations will be a “big priority” in 2020.

ADVERTISEMENT

Threats to the U.S. in cyberspace have grown significantly over the past decade. In the 2019 Worldwide Threat Assessment compiled by former Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsTrump flails as audience dwindles and ratings plummet America's divide widens: Ignore it no longer Trump gives Grenell his Cabinet chair after he steps down MORE, “cyber” topped the list of major global threats.

Coats noted that while Russia and China “pose the greatest espionage and cyber attack threats,” other countries “will increasingly build and integrate cyber espionage, attack, and influence capabilities into their efforts to influence U.S. policies and advance their own national security interests.”

Another major cyber threat that has grown in the past year is that of ransomware attacks, where an attacker encrypts the victim’s system and demands a ransom to unlock it.

Numerous school districts and city governments across the U.S. were hit by ransomware attacks in 2019, severely impacting operations in places such as Baltimore and New Orleans.

While the forthcoming cyber report will focus on protecting the federal government, commission co-chairman Sen. Angus KingAngus KingSenate Democrats push to include free phone calls for incarcerated people in next relief package Trump's pitch to Maine lobstermen falls flat OVERNIGHT ENERGY: Court cancels shutdown of Dakota Access Pipeline | US could avoid 4.5M early deaths by fighting climate change, study finds | Officials warn of increasing cyber threats to critical infrastructure during pandemic MORE (I-Maine) said he hopes the report’s recommendations will prove useful for states and municipalities as well.

ADVERTISEMENT

“The federal government can’t provide support for every institution in America that is subject to ransomware. They’ve got to protect themselves. But we can provide guidance, a template, information, and I think that’s the direction we are moving,” King told reporters last month.

Gallagher and King have said the report will be a road map for the challenges ahead, not a backward-looking analysis.

“The recommendations this commission will issue in the spring of 2020 will be forward looking and prescriptive, rather than a snapshot report that sits on a shelf,” Gallagher and King wrote in an August opinion piece for Lawfare.

“The commission will advocate for the implementation of these recommendations so that the U.S. follows through on changing the strategic environment in cyberspace, which currently threatens the long-term security and prosperity of the United States,” they added.

Other commission members include Sen. Ben SasseBenjamin (Ben) Eric SasseBig Ten conference officially cancels fall football season due to coronavirus Ex-NFL receiver Rep. Anthony Gonzalez: Big Ten skipping football season could be 'catastrophic' for athletes Davis: The Hall of Shame for GOP senators who remain silent on Donald Trump MORE (R-Neb.), former Rep. Patrick MurphyPatrick Erin MurphySupreme Court rules that large swath of Oklahoma belongs to Indian reservation Hillicon Valley: Lawmakers seek 5G rivals to Huawei | Amazon, eBay grilled over online counterfeits | Judge tosses Gabbard lawsuit against Google | GOP senator introduces bill banning TikTok on government devices Bipartisan commission to make 75 recommendations to defend against cyberattacks MORE (D-Pa.), FBI Director Christopher Wray and acting Deputy Secretary of Defense David Norquist.

Another commission member, Suzanne Spaulding, former under secretary at what’s now the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, said at a conference this past year that she envisioned the report covering everything “short of war.”