Mar 11, 2020 - Technology

Federal report warns U.S. is unready for a cyberattack

Rep. Mike Gallagher and Sen. Angus King. Photo: Cheriss May

The U.S. should take a slew of steps today to prevent a major cyberattack that could wreak wide-scale devastation on the U.S., a year-long study mandated by Congress reported Wednesday.

Why it matters: "A major cyberattack on the nation's critical infrastructure and economic system would create chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest, and hurricanes in the Southeast," the report predicts.

What they're saying: "This is like doing the 9/11 Commission before 9/11 happens. We want to avoid that situation," Rep. Mike Gallagher (R-Wis.), a co-chair of the panel, said at an Axios event Monday.

  • At the same event, Sen. Angus King (I-Maine), the other co-chair, said the U.S. does not currently have an effective deterrence policy in place to discourage hostile cyberattacks. "We are getting killed by a thousand cuts," he said.

Details: The Cyberspace Solarium Commission was established by the 2019 defense appropriations law and named for a Cold War-era project that offered recommendations for forestalling nuclear war.

  • Its report proposes a broad strategy of "layered cyber deterrence" pursued by a reorganized federal cyber defense framework with new permanent select cybersecurity committees in both houses of Congress, a Senate-confirmed National Cyber Director, and a Cyber Bureau at the State Department.
  • The report also calls for establishing a Cyber Response and Recovery Fund, a National Cybersecurity Certification and Labeling Authority, a Bureau of Cyber Statistics, a national privacy and data security law, enhanced election security measures, and formal classifications for "systemically important critical infrastructure."

What's next: President Trump has shown little enthusiasm for long-term planning and risk mitigation efforts in this realm, and his administration eliminated its top cybersecurity coordinator position in 2018. But bipartisan interest in Congress remains high, and the Cyberspace Solarium report gives future executives a template for action.

Go deeper: Read the executive summary or the full report.

Go deeper

Commission to propose sweeping national cybersecurity strategy

Rep. Mike Gallagher (R-Wisc.) and Sen. Angus King (I-Maine). Photo: Cheriss May

An upcoming report on cybersecurity will propose "a very ambitious reorganizing of the federal government, perhaps the most ambitious since the 9/11 Commission," to combat cybersecurity threats, Rep. Mike Gallagher (R- Wis.) said at an Axios event on Tuesday.

Why it matters: Gallagher co-chairs the Cyberspace Solarium Commission with Sen. Angus King (I-Maine). The commission will release a report on March 11 that includes sweeping recommendations on how the Executive Branch and Congress can develop a national defense strategy for cyberspace.

News Shapers: Cybersecurity

Rep. Mike Gallagher (L) and Sen. Angus King discussing the Cyberspace Solarium Commission. Photo: Cheriss May for Axios

On Tuesday morning, Axios White House and politics correspondent Margaret Talev hosted a series of one-on-one conversations to discuss cybersecurity and the news of the day.

Watch the recorded livestream here.

Sen. Angus King and Rep. Mike Gallagher

Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), leaders of the Cyberspace Solarium Commission, announced the release of a report that calls for the creation of a coherent cybersecurity policy at the federal level. They outlined the need for clearly delineated rules around deterrence against cyberattacks, as well as the need for increased U.S. engagement with the international community on these issues.

Sen. Angus King

  • On a sense of urgency on this subject within the legislature: "There’s a tipping point ... people realize how serious this threat is because of IoT, 5G and autonomous vehicles. The threat is very real and getting more serious."
  • Why Congress has to get this right: "Structure is policy. If you’re going to have messy incoherent structure, you’re going to have messy incoherent strategy."

Rep. Mike Gallagher

  • On working across the aisle in cybersecurity policy: “I see an enormous bipartisan consensus, and I don’t see that changing regardless of who wins the election.”
  • On taking a stand in cybersecurity policy: “I would reject any source of moral equivalence between us and Russia and China. [Our cyber policy] is defensive, and it’s in partnership with our allies. We are acting in concert with the free world.”
Lisa Monaco, former Homeland Security and Counterterrorism adviser at the White House

Former Homeland Security and Counterterrorism adviser to President Obama, Lisa Monaco highlighted the intersection of cybersecurity and pandemic disease and underscored the critical need for international collaboration.

  • On the risks of disinformation during a time of crisis: "The biggest threats we face today don’t know any borders. ... We’re seeing an epidemic of disinformation when it comes to coronavirus [and] we should anticipate other state actors to use this opportunity to sow discord and division."
  • On the importance of multilateralism: "You can’t successfully isolate bad actors if you don’t bring other countries along with you … [right now] we’re on the outside looking in and that’s a bad place to be."
Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security

Director of CISA at the U.S. Department of Homeland Security, Christopher Krebs discussed how the cyber issues are being communicated to the public, as well as topics around election security.

  • On cybersecurity in the context of coronavirus: "We’re trying to separate the tactical information of today from the strategic issues ... how are we managing things like telecommunications."
  • On election fairness: “Our preparations and protections for the 2020 election are far beyond our preparation for the previous election. ... This will be the most secure and most protected election ever in the United States of America.”

Thank you, Bank of America for sponsoring this event.

U.S. health department hit by cyberattack during coronavirus outbreak

Photo: Saul Loeb/AFP via Getty Images

The Department of Health and Human Services, which has been at the forefront of the Trump administration's coronavirus response, was hit with a cyberattack over the weekend, Bloomberg News first reported and Axios has confirmed.

Why it matters: The attack comes in the midst of the Trump administration's efforts to slow the spread of the coronavirus, which has infected nearly 4,000 people in the U.S.