Government report offers guidelines to prevent nationwide cyber catastrophe

Government report offers guidelines to prevent nationwide cyber catastrophe

A much-anticipated government report aimed at defending the nation against cyber threats in the years to come opens with a bleak preview of what could happen if critical systems were brought down.

“The water in the Potomac still has that red tint from where the treatment plants upstream were hacked, their automated systems tricked into flushing out the wrong mix of chemicals,” the Cyberspace Solarium Commission wrote in the opening lines of its report. 

“By comparison, the water in the Lincoln Memorial Reflecting Pool has a purple glint to it. They’ve pumped out the floodwaters that covered Washington’s low-lying areas after the region’s reservoirs were hit in a cascade of sensor hacks," it continues.


So begins the report two years in the making from a congressionally mandated commission made up of lawmakers and top Trump administration officials, pointing to the vulnerabilities involved with critical systems being hooked up to the internet. 

The report, which includes more than 75 recommendations for how to prevent the cyber doomsday it spells out, and the commission that made it were both mandated by the 2019 National Defense Authorization Act (NDAA).

The commissioners, who include co-chairmen Sen. Angus KingAngus KingLeadership changes at top cyber agency raise national security concerns Top cybersecurity official ousted by Trump Republicans start turning the page on Trump era MORE (I-Maine) and Rep. Mike GallagherMichael (Mike) John GallagherReestablishing American prosperity by investing in the 'Badger Belt' Actors union blasts Democrat for criticizing GOP lawmaker's wife Federal commission issues recommendations for securing critical tech against Chinese threats MORE (R-Wis.), highlight a range of issues to address, but zero in on election security as “priority.” 

“The American people still do not have the assurance that our election systems are secure from foreign manipulation,” King and Gallagher wrote in the report. “If we don’t get election security right, deterrence will fail and future generations will look back with longing and regret on the once powerful American Republic and wonder how we screwed the whole thing up.”

The focus on shoring up election security, and the agreed-upon recommendations for how to do this, sets the report apart from the approach to the subject on Capitol Hill, where it has been a major issue of contention between Republicans and Democrats since Russian interference in the 2016 presidential election. 

Beyond election security, the commissioners call for overarching government reform to address cyber vulnerabilities. Chief among these is calling on the White House to issue an updated national strategy to address cyber threats and to establish a national cybersecurity director position to coordinate efforts. 


In terms of congressional action, commissioners recommend that Congress create cybersecurity committees in both the House and Senate, establish a Bureau of Cybersecurity Statistics, and establish an assistant secretary position at the State Department to lead international efforts around cybersecurity. 

“While cyberspace has transformed the American economy and society, the government has not kept up,” commissioners wrote in calling for reforms. 

The commission also zeroed in on “imposing costs” to adversaries who attempt to attack the U.S. online. In order to do so, it recommended that the Department of Defense conduct vulnerability assessments of its weapons systems, including nuclear control systems, and that it make cybersecurity preparedness a necessity.   

The Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security’s cyber agency, would be empowered as the “lead agency” at the federal level.

The report’s recommendations were debated on and pinpointed by a group of high-ranking commissioners who also included FBI Director Christopher Wray, Deputy Secretary of Defense David Norquist, Transportation Security Administration Administrator David Pekoske, Sen. Ben SasseBen SasseWhoopi Goldberg blasts Republicans not speaking against Trump: 'This is an attempted coup' Hogan 'embarrassed that more people' in the GOP 'aren't speaking up' against Trump Democrats gear up for last oversight showdown with Trump MORE (R-Neb.), and Rep. James Langevin (D-R.I.). 

Langevin said in a statement on Wednesday that the report is intended to shore up the nation’s cyber “resiliency for years to come.”

“Our charge in drafting this report was to prevent a cyber event of significant national consequence, and we know that the short- and long-term recommendations we crafted will better position us to realize the promise of the Internet, while avoiding its perils,” Langevin said. “The sooner our recommendations are implemented, the better positioned the country will be to prevent and respond to incidents that can disrupt the American way of life.”

The report’s recommendations may soon have real-world consequences on Capitol Hill. 

Rep. John KatkoJohn Michael KatkoRundown of the House seats Democrats, GOP flipped on Election Day Republicans who could serve in a Biden government Fitzpatrick wins reelection in Pennsylvania MORE (R-N.Y.), the ranking member on the House Homeland Security Committee’s cyber panel, told The Hill this week that there “definitely will be some legislation” stemming from the report’s recommendations, and that hearings would likely be held. 

Katko noted that he had talked with Senate Homeland Security Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonLoeffler isolating after possible COVID-19 infection Rick Scott tests positive for coronavirus GOP Rep. Dan Newhouse tests positive for COVID-19 MORE (R-Wis.) about the Senate also taking action around the report. 

“This report screams of the need for bipartisan action on this, and I hope that we can leave the politics out of it, and I hope we can attack these problems quickly and effectively,” Katko said. 

Rep. Cedric RichmondCedric Levon RichmondFive House Democrats who could join Biden Cabinet Sunday shows - Virus surge dominates ahead of fraught Thanksgiving holiday Richmond says GOP 'reluctant to stand up and tell the emperor he wears no clothes' MORE (D-La.), the cyber subcommittee’s chairman, opened a hearing on Wednesday by praising the report’s recommendations and saying he looked forward to working to “codifying” the ideas alongside House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonTrump tells GSA that Biden transition can begin Hillicon Valley: Leadership changes at top cyber agency raise national security concerns | Snapchat launches in-app video platform 'Spotlight' | Uber, Lyft awarded federal transportation contract Democrats accuse GSA of undermining national security by not certifying Biden win MORE (D-Miss.).

Industry groups also reacted positively to the report’s recommendations. Tom Gann, the chief public policy officer of cybersecurity firm McAfee, told The Hill in a statement that he agreed with most of the report’s findings and hoped that they are “acted upon with speed.”

Protect Our Power, a nonprofit with the goal of protecting the electric grid, also praised the report.

“These are compelling recommendations, echoing issues we have highlighted for several years now, and action is long overdue,” Jim Cunningham, executive director of the group, said in a statement. “Without a reliable supply of electricity before, during and following a disabling cyberattack, none of our critical infrastructure can function.”

While there may be legislative action soon — and praise from industry groups — both Gallagher and King emphasized in the report that their main aim was for it to open the eyes of Americans to the dangers posed by cyberattacks on critical systems. 

“The status quo is inviting attacks on America every second of every day,” the co-chairmen wrote. “We all want that to stop. So please do us, and your fellow Americans, a favor. Read this report and then demand that your government and the private sector act with speed and agility to secure our cyber future.”