- The U.S. has made significant progress towards developing a more resilient cybersecurity infrastructure, after implementing about 70% the Cyberspace Solarium Commission's recommendations, according to a report from CSC 2.0.
- CSC co-chairs Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wisc., praised the launch and implementation of the National Cybersecurity Strategy during a presentation Tuesday in Washington D.C., but said more work needed to be done on deterrence.
- Key gaps remain in the nation’s cybersecurity posture, including the need to create more resilient federal networks and strengthen key critical infrastructure sectors, such as healthcare, agriculture and water.
The CSC 2.0 report examines the progress made toward implementing the recommendations of the CSC, a congressionally mandated body that was designed to review the ability of the U.S. to deter malicious cyber threats and build a more resilient infrastructure. The CSC issued its first report in March 2020, establishing 82 initial recommendations. The commission later added 34 additional recommendations.
“This year, we’re reaping the benefits from the investments in cybersecurity initiatives made in the previous years with a historic amount of funding invested in cybersecurity through the FY23 omnibus spending bill,” said Mark Montgomery, co-author of the report and senior director of the Foundation for Defense of Democracies Center on Cyber and Technology Innovation.
Of the CSC’s 116 recommendations, 70% are either fully implemented or near implementation, while another 20% are on track for implementation, according to Jiwon Ma, co-author of the report and program analyst at the FDD Center on Cyber and Technology Innovation.
Among the key achievements, officials praised the State Department effort to stand up the Bureau of Cyberspace and Digital Policy and confirm Ambassador Nathaniel Fick. The bureau is designed to help the U.S. combat ransomware and other malicious activity through international diplomacy.
The Securities and Exchange Commission’s adoption of the cyber incident reporting rule was also praised as a significant achievement to drive greater transparency and accountability towards improving corporate governance.
Montgomery said additional work from Congress is needed for two key issues:
- The National Risk Management Act would require the Secretary of Homeland Security to establish a national risk management cycle, which is a recurring process to identify, assess and prioritize physical and cyber risks faced by critical infrastructure.
- The Federal Information Security Modernization Act, if passed, would update the 2014 FISMA ACT and would improve coordination to help protect federal civilian agencies.