A congressional commission dedicated to shoring up America’s cyber defenses has made significant progress in the wake of multiple recent cybersecurity crises, according to a new report.
Nearly 75% of the 82 recommendations made in the Cyberspace Solarium Commission’s March 2020 report, which set out to assess ways the U.S. can improve its digital resilience, have been implemented or are on track to be implemented, according to an evaluation released Thursday by the Commission.
The report notes that some of this movement has been spurred by a wave of high profile cybersecurity incidents within the past year, starting with the revelation in December 2020 that Russian hackers had infiltated at least nine federal agencies using network management software SolarWinds. In March, apparent Chinese hackers exploited a vulnerability in Microsoft’s Exchange Server technology, affecting thousands of users. Multiple ransomware attacks have followed, including one against fuel provider Colonial Pipeline that forced the company to shut down service for multiple days.
In the wake of these incidents, legislation to create a cybersecurity bureau within the State Department, a bill to create a bureau to collect cybersecurity incident statistics and multiple proposals for a national breach notification law have been introduced.
A number of the commission’s proposals, including the implementation of a national cyber director, also got a boost from the most recent national defense authorization bill.
The commission’s leaders warned, however, that initial success does not mean their work is over.
“Over the past year, this commission has helped the country take considerable steps to strengthen its cyber defenses. But as recent cyberattacks have made clear, our work is not yet done,” commission co-chair Rep. Mike Gallagher, R-Wis., said in a statement. “This report outlines our progress and the steps we still need to take to ensure Americans’ lives and livelihoods are better protected online.”
One remaining priority is authorizing the Department of Homeland Security to designate areas of critical infrastructure.
The Commission has faced hurdles in drumming up support for a few key recommendations, including a national data security and privacy protection law. The report notes that such a law is “unlikely to move forward in the near future.” Congress has debated such a law for years, but proposed legislation has frequently faded due to clashes between parties over issues such as federal preemption and industry pushback.
There’s also been little movement in establishing a House Permanent Select and Senate Select Committees on Cybersecurity which could help consolidate cybersecurity policymaking from a smattering of committees.