The US is facing a “catastrophic cyber-attack” which could create lasting damage exceeding that of the many serious fires, floods and hurricanes the country has had to endure, according to a new analysis from a federal commission.
The US Cyberspace Solarium Commission claimed in its report that the country faces multiple threats from cyber-criminals and nation states: IP theft that hinders long-term growth, critical infrastructure attacks, cybercrime and ransomware, espionage for geopolitical advantage and attacks designed to undermined democratic institutions.
“The digital connectivity that has brought economic growth, technological dominance and an improved quality of life to nearly every American has also created a strategic dilemma. The more digital connections people make and data they exchange, the more opportunities adversaries have to destroy private lives, disrupt critical infrastructure and damage our economic and democratic institutions,” the report noted.
“The United States now operates in a cyber-landscape that requires a level of data security, resilience and trustworthiness that neither the US government nor the private sector alone is currently equipped to provide. Moreover, shortfalls in agility, technical expertise and unity of effort, both within the US government and between the public and private sectors, are growing.”
To tackle these challenges, the commission advocated a “layered cyber-deterrence” approach designed to “shape behavior, deny benefits and impose costs.”
The first requires the US to work with allies to promote responsible behavior in cyberspace, the second, to work with the private sector to enhance security, and the third, to retain the capacity to retaliate against enemies in cyberspace.
The report listed six policy pillars and 75 recommendations to help the US get there.
These include suggestions for government reform including: the establishing of a House Permanent Select and Senate Select Committees on Cybersecurity, a Senate-confirmed National Cyber Director and new powers for the Cybersecurity and Infrastructure Security Agency (CISA) that will foreground its work in government.