Government report offers guidelines to prevent nationwide cyber catastrophe

Government report offers guidelines to prevent nationwide cyber catastrophe

A much-anticipated government report aimed at defending the nation against cyber threats in the years to come opens with a bleak preview of what could happen if critical systems were brought down.

“The water in the Potomac still has that red tint from where the treatment plants upstream were hacked, their automated systems tricked into flushing out the wrong mix of chemicals,” the Cyberspace Solarium Commission wrote in the opening lines of its report. 

“By comparison, the water in the Lincoln Memorial Reflecting Pool has a purple glint to it. They’ve pumped out the floodwaters that covered Washington’s low-lying areas after the region’s reservoirs were hit in a cascade of sensor hacks," it continues.

ADVERTISEMENT

So begins the report two years in the making from a congressionally mandated commission made up of lawmakers and top Trump administration officials, pointing to the vulnerabilities involved with critical systems being hooked up to the internet. 

The report, which includes more than 75 recommendations for how to prevent the cyber doomsday it spells out, and the commission that made it were both mandated by the 2019 National Defense Authorization Act (NDAA).

The commissioners, who include co-chairmen Sen. Angus KingAngus KingWe weren't ready for a pandemic — imagine a crippling cyberattack Senators offer bill to extend tax filing deadline Russia using coronavirus fears to spread misinformation in Western countries MORE (I-Maine) and Rep. Mike GallagherMichael (Mike) John GallagherGOP lawmaker touts bill prohibiting purchases of drugs made in China Wisconsin Republican says US must not rely on China for critical supplies We weren't ready for a pandemic — imagine a crippling cyberattack MORE (R-Wis.), highlight a range of issues to address, but zero in on election security as “priority.” 

“The American people still do not have the assurance that our election systems are secure from foreign manipulation,” King and Gallagher wrote in the report. “If we don’t get election security right, deterrence will fail and future generations will look back with longing and regret on the once powerful American Republic and wonder how we screwed the whole thing up.”

The focus on shoring up election security, and the agreed-upon recommendations for how to do this, sets the report apart from the approach to the subject on Capitol Hill, where it has been a major issue of contention between Republicans and Democrats since Russian interference in the 2016 presidential election. 

Beyond election security, the commissioners call for overarching government reform to address cyber vulnerabilities. Chief among these is calling on the White House to issue an updated national strategy to address cyber threats and to establish a national cybersecurity director position to coordinate efforts. 

ADVERTISEMENT

In terms of congressional action, commissioners recommend that Congress create cybersecurity committees in both the House and Senate, establish a Bureau of Cybersecurity Statistics, and establish an assistant secretary position at the State Department to lead international efforts around cybersecurity. 

“While cyberspace has transformed the American economy and society, the government has not kept up,” commissioners wrote in calling for reforms. 

The commission also zeroed in on “imposing costs” to adversaries who attempt to attack the U.S. online. In order to do so, it recommended that the Department of Defense conduct vulnerability assessments of its weapons systems, including nuclear control systems, and that it make cybersecurity preparedness a necessity.   

The Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security’s cyber agency, would be empowered as the “lead agency” at the federal level.

The report’s recommendations were debated on and pinpointed by a group of high-ranking commissioners who also included FBI Director Christopher Wray, Deputy Secretary of Defense David Norquist, Transportation Security Administration Administrator David Pekoske, Sen. Ben SasseBenjamin (Ben) Eric SasseAmerica's governors should fix unemployment insurance Mnuchin emerges as key asset in Trump's war against coronavirus House Republican urges Pompeo to take steps to limit misinformation from China on coronavirus MORE (R-Neb.), and Rep. James Langevin (D-R.I.). 

Langevin said in a statement on Wednesday that the report is intended to shore up the nation’s cyber “resiliency for years to come.”

“Our charge in drafting this report was to prevent a cyber event of significant national consequence, and we know that the short- and long-term recommendations we crafted will better position us to realize the promise of the Internet, while avoiding its perils,” Langevin said. “The sooner our recommendations are implemented, the better positioned the country will be to prevent and respond to incidents that can disrupt the American way of life.”

The report’s recommendations may soon have real-world consequences on Capitol Hill. 

Rep. John KatkoJohn Michael KatkoTo fight the rising tide of hate in our country, we must stop bias-based bullying in the classroom Hillicon Valley: House passes key surveillance bill | Paul, Lee urge Trump to kill FISA deal | White House seeks help from tech in coronavirus fight | Dem urges Pence to counter virus misinformation Lawmakers criticize Trump's slashed budget for key federal cyber agency MORE (R-N.Y.), the ranking member on the House Homeland Security Committee’s cyber panel, told The Hill this week that there “definitely will be some legislation” stemming from the report’s recommendations, and that hearings would likely be held. 

Katko noted that he had talked with Senate Homeland Security Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonRemembering Tom Coburn's quiet persistence Coronavirus pushes GOP's Biden-Burisma probe to back burner GOP seeks up to 0 billion to maximize financial help to airlines, other impacted industries MORE (R-Wis.) about the Senate also taking action around the report. 

“This report screams of the need for bipartisan action on this, and I hope that we can leave the politics out of it, and I hope we can attack these problems quickly and effectively,” Katko said. 

Rep. Cedric RichmondCedric Levon RichmondHillicon Valley: House passes key surveillance bill | Paul, Lee urge Trump to kill FISA deal | White House seeks help from tech in coronavirus fight | Dem urges Pence to counter virus misinformation Lawmakers criticize Trump's slashed budget for key federal cyber agency Government report offers guidelines to prevent nationwide cyber catastrophe MORE (D-La.), the cyber subcommittee’s chairman, opened a hearing on Wednesday by praising the report’s recommendations and saying he looked forward to working to “codifying” the ideas alongside House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonPelosi forms House committee to oversee coronavirus response Democrats introduce bill to set up commission to review coronavirus response Hillicon Valley: HHS hit by cyberattack amid coronavirus outbreak | Senators urge FCC to shore up internet access for students | Sanders ramps up Facebook ad spending | Dems ask DHS to delay Real ID deadline MORE (D-Miss.).

ADVERTISEMENT

Industry groups also reacted positively to the report’s recommendations. Tom Gann, the chief public policy officer of cybersecurity firm McAfee, told The Hill in a statement that he agreed with most of the report’s findings and hoped that they are “acted upon with speed.”

Protect Our Power, a nonprofit with the goal of protecting the electric grid, also praised the report.

“These are compelling recommendations, echoing issues we have highlighted for several years now, and action is long overdue,” Jim Cunningham, executive director of the group, said in a statement. “Without a reliable supply of electricity before, during and following a disabling cyberattack, none of our critical infrastructure can function.”

While there may be legislative action soon — and praise from industry groups — both Gallagher and King emphasized in the report that their main aim was for it to open the eyes of Americans to the dangers posed by cyberattacks on critical systems. 

“The status quo is inviting attacks on America every second of every day,” the co-chairmen wrote. “We all want that to stop. So please do us, and your fellow Americans, a favor. Read this report and then demand that your government and the private sector act with speed and agility to secure our cyber future.”