New CSC 2.0 assessment report focuses on cyber threats, government initiatives, private sector collaboration


The U.S. Cyberspace Solarium Commission (CSC) 2.0 published Tuesday an assessment report detailing progress since the publication of the commission’s first annual assessment in August 2021. It said that Congress and the Biden administration have undertaken a herculean effort to advance the nation’s cybersecurity. The report also provided detailed progress toward implementing the commission’s original work, consisting of the report and white papers, and suggested actions that can be taken to accomplish more recommendations. 

“Russia and China have conducted significant espionage attacks on the U.S. government and industries and have reportedly embedded malware in U.S. critical infrastructure to facilitate future nefarious activity,” the CSC 2.0 said in its latest assessment report titled ‘2023 Annual Report on Implementation.’ “Criminal actors have also expanded both ransomware and cyber theft activities. We cannot afford to pause in the pursuit of enhanced cybersecurity.”

Senator Angus King, an Independent from Maine, and Rep. Mike Gallagher, a Republican from Wisconsin, co-chairs of CSC 2.0, detailed in the assessment report that lawmakers have remained industrious on cybersecurity issues, both authorizing more cybersecurity programs and ensuring these initiatives have the resources critical to their success. “At the end of last year, for example, Congress codified the new State Department’s Bureau of Cyberspace and Digital Policy, which will promote responsible state conduct in cyberspace and advance U.S. interests.”

They added that Congress has also increased funding for the Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security from $2 billion for fiscal year (FY) 2020 to $2.9 billion for FY23, a 45 percent increase, with further growth expected in FY24. 

The co-chairs wrote that the executive branch has made productive changes. “The Office of the National Cyber Director (ONCD) — having reached full operating capacity — issued a comprehensive National Cyber Strategy and associated implementation plan as well as the first-ever National Cybersecurity Workforce and Education Strategy. CISA has continued to improve its technical support to other federal agencies, establish cyber performance goals, and develop plans, sharing, and response efforts through the Joint Cyber Defense Collaborative.” 

They also pointed to the Securities and Exchange Commission issuing new rules to increase corporate responsibility for cybersecurity. The National Security Council has coordinated responses to an ever-increasing number of international espionage and malicious cyber incidents, while the National Security Agency has expanded and improved its information-sharing and support efforts with targeted industry partners. 

Despite these efforts, federal agencies have an uneven record of collaboration with the private sector, although the Defense and Energy departments have made more progress than others.

The co-chairs also noted that collaboration with the private sector is indispensable: deterring cyber threats depends on the resilience of the U.S. economy and the critical infrastructure that supports it, so the federal government cannot handle the job alone. “Significant work remains necessary to build an effective cybersecurity partnership between the public and private sectors. This will require a careful balancing of incentivization, collaboration, and, only where necessary, regulation across and between each of the country’s critical infrastructure sectors.”

They added that a similar effort is needed to enhance cooperation with like-minded international allies and partners, ensuring a resilient global economy. 

Furthermore, to support these efforts, the U.S. government must continue to empower existing cybersecurity agencies and invest in hardening its security posture, the co-chairs said. “As part of this effort, the government should continue implementing the recommendations of the CSC. Congress created this commission to identify a strategic approach to securing cyberspace.”

The report also revealed that over the course of three years, the commission developed 116 recommendations, many of which are accompanied by model legislative language. “Nearly 70 percent of these recommendations have been fully implemented or are nearing implementation, and an additional 20 percent are on track to be implemented,” it added.

The assessment report said that the fiscal year 2021 National Defense Authorization Act (NDAA) added to the CSC’s original mandate by including the charge to review the implementation of the CSC’s recommendations and provide annual updates. “While work is still required to fully implement all of the CSC’s recommendations, a review of progress shows that cybersecurity leaders throughout the government continue to take significant steps forward,” it added.

As part of the key 2023 implementation milestones, the assessment report said that last September, the Senate confirmed Nathaniel Fick as the inaugural ambassador at large for cyberspace and digital policy at the State Department. Also, the U.S. president issued an executive order expanding the factors considered by the Committee on Foreign Investment in the U.S. to include cybersecurity.

In December, the Cyber National Mission Force became a subordinate unified command of the U.S. Cyber Command, further reflecting its operational success. As part of the FY23 National Defense Authorization Act, Congress established the Bureau of Cyberspace and Digital Policy through the passage of the Cyber Diplomacy Act and authorized the Federal Risk and Authorization Management Program to standardize security assessment of cloud computing products and services used for unclassified federal information.

Also, the FY23 omnibus spending bill authorizes over $2 billion in funding for CISA to carry out its responsibilities and $22 million for the Office of the National Cyber Director to fully staff its office. The Office of the National Cyber Director established the National Cyber Workforce Coordination Group, an interagency forum to address federal workforce and education challenges.

By March this year, the White House issued the National Cybersecurity Strategy, serving as the declaratory policy for U.S. cybersecurity policies. In April, Ambassador Fick announced that the Bureau of Cyberspace and Digital Policy is on track to place a cyber and digital officer in all U.S. embassies by the end of 2024. In May, the Department of Defense released an unclassified summary of its cyber strategy.

In July, the White House issued the National Cybersecurity Strategy Implementation Plan, a roadmap to execute the National Cybersecurity Strategy. The White House announced the U.S. Cyber Trust Mark program to create a voluntary cybersecurity labeling program for Internet of Things consumer devices. The U.S. Securities and Exchange Commission adopted rules for companies to disclose material cybersecurity incidents and cyber risk management practices to increase transparency and public awareness of systemic risks, and the White House rolled out the National Cyber Workforce and Education Strategy.

In conclusion, the CSC 2.0 assessment report said that with the release of the National Cybersecurity Strategy and its implementation plan, the path forward has become clearer, even if a long road remains ahead. “For long-lasting success, cybersecurity initiatives require sustained funding, public-private partnerships, and international cooperation,” it added.

The CSC’s work as a government entity concluded with the white papers outlined above. However, the nonprofit CSC 2.0 project has conducted research extending from the commission’s work, in addition to continuing research and analysis on existing recommendations. CSC 2.0 remains committed to providing an annual assessment of how the federal government is doing.
