Report finds US government has made progress on cybersecurity, more work remains

Report finds US government has made progress on cybersecurity, more work remains

The federal government has made “significant” progress on strengthening the United States against cyber threats over the past year, but more work remains, a congressionally-established bipartisan committee concluded in a report published Thursday. 

The Cyberspace Solarium Commission (CSC) – a group composed of members of Congress, federal officials, and industry leaders – found in its 2021 implementation report that around three-quarters of its recommendations for defending the U.S. against cyber threats have been implemented since March 2020. 

The CSC was charged by Congress with submitting recommendations for strengthening the nation’s cyber defense, with the CSC publishing 82 recommendations last year. Among those implemented include the creation of a national cyber director position at the White House, with Chris Inglis confirmed by the Senate to the position last month, and strengthening the Cybersecurity and Infrastructure Security Agency (CISA).

ADVERTISEMENT

More than two dozen of the CSC’s recommendations were included in the most recent National Defense Authorization Act, most with bipartisan support. 

But the report Thursday stressed that in the wake of a year of escalating attacks, such as the ransomware attacks on Colonial Pipeline and meat producer JBS USA, more remains to be done.

“We have seen a great deal of progress in implementing the original 82 recommendations from that report, as well as the recommendations we added in white papers along the way,” the CSC report reads. “But these changes are just beginning, and the threat remains every bit as real this year. As a country, we all—businesses, government, civil society, and individuals—need to act with more speed and agility when it comes to securing cyberspace.”

CSC co-chairs Sen. Angus KingAngus KingOvernight Energy & Environment — League of Conservation Voters — Climate summit chief says US needs to 'show progress' on environment Manchin, Barrasso announce bill to revegetate forests after devastating fires Rep. Tim Ryan becomes latest COVID-19 breakthrough case in Congress MORE (I-Maine) and Rep. Mike GallagherMichael (Mike) John GallagherHillicon Valley — Presented by Xerox — Tech groups take aim at Texas Republican lawmakers raise security, privacy concerns over Huawei cloud services Overnight Defense & National Security — Presented by AM General — Afghan evacuation still frustrates MORE (R-Wis.) on Thursday discussed the findings of the annual report at a virtual CSC event. King stressed the need for Congress and the federal government to continue zeroing in on cybersecurity.

“The problem is more urgent than we thought, and we thought it was pretty urgent,” King said. “The threat just grows practically daily, and this job is not done, and it will never be done because the adversaries are coming up with new ways to attack us, and we’ve got to be able to adjust and reflect that real sense of urgency about this.”

ADVERTISEMENT

“We need to put in place tools that help us assess our impact over the long run,” Gallagher said. “This is just the beginning of a process.”

Among the outstanding recommendations that the CSC intends to continue pushing for is moving forward legislation to elevate cybersecurity at the State Department, the implementation of a data security and privacy law, zeroing in on the concept of critical infrastructure, and other efforts to heighten cyber defense. 

Commissioners – who also include Sen. Ben SasseBen SassePresident of newly recognized union for adult performers boosts membership Romney blasts Biden over those left in Afghanistan: 'Bring them home' Progressives breathe sigh of relief after Afghan withdrawal MORE (R-Neb.), Rep. Jim LangevinJames (Jim) R. LangevinBipartisan House group introduces legislation to set term limit for key cyber leader House panel approves B boost for defense budget Democratic lawmakers urge DHS to let Afghans stay in US MORE (D-R.I.), and Inglis – are likely to meet with increased bipartisan support for further cybersecurity measures on Capitol Hill following the spike in major cyberattacks.

These have also included the SolarWinds hack, discovered in December, which allowed Russian government-linked hackers to compromise nine federal agencies, along with multiple attacks on hospitals and healthcare systems. 

The Biden administration has taken a number of steps to heighten the nation’s cybersecurity, including President BidenJoe BidenFighter jet escorts aircraft that entered restricted airspace during UN gathering Julian Castro knocks Biden administration over refugee policy FBI investigating alleged assault on Fort Bliss soldier at Afghan refugee camp MORE signing an executive order in May to strengthen federal cybersecurity, and making cybersecurity a priority on the international stage. 

King emphasized that while work remained, the CSC had been able to accomplish a huge amount already. 

“This has been an extraordinarily successful project so far if we implement all of the recommendations that have now been put into law,” King said Thursday. “Our job now is to be sure that we keep after...all those others who are on the front lines and give them the support and the authorities that they need to protect the country.”