How Can the U.S. Government Better Protect Companies from Cyberattacks?
Here are some ways government leaders are protecting the United States from cyberattacks that could steal intellectual property and personal data.
Air Date: April 27, 2021
Moderator: Vincent Voci, Executive Director, Cyber Policy and Operations
Featured Guests: Omar Mohanna, Chairman, Egypt-U.S. Business Council; Mark Montgomery, Senior Director, Center on Cyber and Technology Innovation; Matthew Eggers, Vice President for Cybersecurity Policy, U.S. Chamber of Commerce
During the past several months, U.S. adversaries have carried out significant cyber-enabled espionage campaigns, impacting a wide range of public and private sector targets. With our nation’s cybersecurity at risk, government leaders have quickly turned to legislative solutions to protect our intellectual property and personal data.
Protected Mandatory Reporting Can Help Thwart Increasingly Sophisticated Cyberattacks
Since the Cybersecurity Information Sharing Act of 2015 was passed, companies facing data breaches have been encouraged to share this information with the U.S. government. Yet cyberattacks have only become more sophisticated since then, according to Sen. Mark Warner, chairman of the Senate Select Committee on Intelligence.
“There is an evolving belief that the 2015 structure, on a voluntary basis, is not giving us the level of comprehensive security that we need,” said Warner. “The bad guys, when they’re focused, they’re going to have a fairly high probability of getting in.”
In response, the Committee on Intelligence is working on a bipartisan basis to create a structure that would mandate reporting for government contractors and critical infrastructure employees.
“Some of the privacy and other kinds of counter-incentives don’t take place,” Sen. Warner noted, adding that affected companies would have limited immunity and anonymized information. “We can pulse the overall system in a way that will allow [the] public sector and private sector to respond in a more comprehensive way.”
The U.S. Seeks to Work With Its Allies to Establish Cyber Incident Notification Systems
After creating a limited mandatory reporting system in the country, Warner hopes that the U.S. can work with its allies to establish similar notification systems as well as multilateral cyber norms.
“If our adversaries violate these norms and we can find appropriate attribution, there will be consequences to their actions,” Warner explained. “Our failure to have norms [and] a more robust notification system in existence … has allowed, in many ways, Russia and China to launch cyberattacks with virtual impunity.”
“This is a problem of protecting intellectual property … [and] personal information,” he continued. “As long as we can provide that level of limited immunity with anonymity so that those reports are then not made public, I think we can earn industry support.”
The U.S. Cyberspace Solarium Commission Outlines Priorities for 2021
In 2019, the U.S. Cyberspace Solarium Commission was chartered to manage cyber risk and significant cyber events at home and abroad. With several of the Commission’s recommendations being codified into law in 2020, this year has seen a renewed focus on engaging the private sector.
“We’re looking at ways that [we] can get to a common cloud-based environment between federal government agencies, state, local, tribal, territorial and the private sector, basically to get common visibility,” said Solarium commissioner Frank J. Cilluffo.
“We’re also going to be zeroing in on what we’re calling SICI (systemically important critical infrastructure) ... which will basically hone in on the most critical of our critical infrastructures, our lifeline sectors, and establish a set of … benefits and burdens to truly get to that partnership between the public and private sector,” Cilluffo added.
Public and Private Sector Collaboration Is Crucial to Cybersecurity Advancement
“We want to make sure that at the end of the day, our companies, our national security agencies and our citizens as a whole are enhancing their overall cybersecurity efforts,” stated Cilluffo. “The bottom line is, we need to follow up our ideas with the resources.”
“This is not going to be accomplished through Washington alone,” he stressed. “The private sector needs a front-row seat at this table and ultimately will be most critical to any success going forward.”
Mark Montgomery, executive director of the Cyberspace Solarium Commission, agreed that partnership between the public and private sectors would be crucial for success in 2021.
“We actually have to build, pay for and establish infrastructure for collaboration,” Montgomery noted. “Once you do that, the companies will see that their equities are protected … and their opinions matter, and then we’ll get things done.”