The Gulf Time Newspaper One of the finest business newspapers in the UAE brought to you by our professional writers and editors.
Amid the chaos of coronavirus, it was encouraging to see a bipartisan, blue-ribbon commission announce a coherent plan for dealing with the next potential catastrophe — a major cyberattack against the United States.
Covid-19 has given us all a foretaste of what a crippling cyberattack would look like: Transportation, infrastructure and health care services would all be severely disrupted. We’d depend on good planning, trusted experts and competent leadership at the top — all qualities that have been in short supply in the Trump administration’s response to the pandemic.
Democracies often aren’t great at planning, normally; that’s the cruel efficiency of authoritarian governments. But in a welcome change, Congress took the initiative more than a year ago to create a group to revamp cyber policy that would cut across political and bureaucratic lines — drawing in members of Congress from both parties; representative of defense and intelligence agencies; and top private-sector experts.
This rare exercise in preparedness was known as the Cyberspace Solarium Commission. The name evoked President Dwight D Eisenhower’s 1953 “Solarium Project†that developed a “New Look†approach to the Soviet Union. Two policymakers dubbed it “the best example of long-term strategic planning in the history of the American presidency.â€
The Cyberspace Solarium Commission’s two co-chairs were Sen. Angus King, a Maine Independent, and Rep. Mike Gallagher, a Wisconsin Republican and Marine combat veteran in Iraq. The panel had 12 other members, including the FBI director and the deputy secretaries of defense, national intelligence and homeland security. The executive branch members helped craft the report but didn’t formally endorse it.
With The Washington Post’s blessing, I moderated the presentation of the group’s report, interviewing the two co-chairs and eight of the panelists onstage. I also attended one of the commission’s roughly 30 meetings and met with executive director Mark Montgomery and his staff at their headquarters in Crystal City, Virginia. My takeaway is that this kind of nonpartisan crisis planning is what the American people want and need from their government, especially in this period of public anxiety and division.
The group’s marquee recommendations were for clearer leadership and accountability at the top. To coordinate planning across the walled gardens of the federal government, it proposed a national cyber director, attached to the White House but confirmable by the Senate, who could drive policy in an emergency. We can see the need for such a policy czar in the Trump administration’s chaotic ad-hoc response to coronavirus. We weren’t ready for a pandemic, just as we aren’t ready for a cyberattack.
Because the biggest risks in a cyberattack would be to the civilian economy, the commission designated the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) as the lead. Personally, I would have preferred a new agency, free from the bureaucratic clutter and political turf wars of DHS. But the organisation chart matters less than CISA’s leadership under Director Christopher Krebs, who was Microsoft’s director of cybersecurity policy and has solid experience.
The commission made smart recommendations for some new tools: a bureau of cyber statistics to gather threat data; an assistant secretary of state for cyber policy to oversee global rules and standards in cyberspace; new cybersecurity certification requirements for companies, so that boards of directors and insurance firms have better yardsticks to measure preparedness.
Surviving a cyberattack is about resilience, and the commission proposed a series of measures: A “continuity of the economy†initiative would clarify how banking, food supply, power and other essentials would survive a digital assault. To aid private firms, and state and local governments, there would be a “Cyber State of Distress†and a “Cyber Response and Recovery Fund.â€
The group made more than 75 recommendations in all, many to be pre-packaged as draft legislation. One of the hardest tasks will be getting Congress’ own act together. Nearly 80 committees and subcommittees now have oversight of aspects of cyber policy. The commission proposed creating new cybersecurity committees in each house that would have primary jurisdiction. Something similar happened 40 years ago with creation of the intelligence committees. The coming turf war will be brutal, but that’s the price of preparation for cyberwar.
King and Gallagher said in introducing this commission’s work: “We are doing a 9/11 report to prevent a 9/11 in the future.†We can see, right now, in the jittery response to coronavirus, the cost of being unprepared.
Here’s a chance to get it right. It’s September 10 in cyberspace. Congress united to create the commission. Now it needs to enact the laws.
—The Washington Post
David Ignatius is an American journalist and novelist. He is an
associate editor and columnist for The Washington Post. He has
written eleven novels, including Body of Lies, which director Ridley Scott adapted into a film