“For over 20 years, nation-states and non-state actors have used cyberspace to subvert American power, American security, and the American way of life” notes the much-needed report by the Cyberspace Solarium Commission, a group convened as part of the National Defense Authorization Act (NDAA). Its bipartisan chairs are Senator Angus King (I-Maine) and Representative Mike Gallagher (R-Wisconsin) (Check out the event Rep. Gallagher produced with ChinaTechThreat onThe Pentagon’s Risky Business.) Just as the nation organized to defeat Soviet communism, we need a similar whole of America approach to cybersecurity and the root causes of cyberthreats, notably the Chinese Communist Party.
Much needed review of the US on cybersecurity and where it needs to go. It describes strategy of layered cyber deterrence to reduce the probability and impact of cyberattacks of significant consequence. This deterrence is comprised of a set of activities to shape behavior, deny benefits, and impose costs. The most important set of recommendations is the reform of the US government’s structure and organization for cyberspace (p. 31), the key reason that the US is failing to deliver deterrence today. While the report should go further to reboot the armed forces for the digital age, it recognizes that vital administrative changes need to take place, including vesting and streamlining the proper authority for process and decisions in Congress and the Executive branches to resolve the panoply disjointed actors and agencies without an overall coherent strategy. The agency best suited may well be Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security which combines a compelling combination of public and private sector expertise. The recommendations to recruit, develop, and retain a stronger federal cyber workforce are also welcome (p. 43) and could be leveraged by US states.