It’s been nearly two years since a congressionally-mandated commission made nearly 100 cybersecurity recommendations to the U.S. government.
When the Cyberspace Solarium Commission (CSC) ended its work in 2021, the federal government had started work to slowly implement the 80 cybersecurity recommendations the commission made in 2020.
Out of the commission came CSC 2.0, a private collective co-chaired by Sen. Angus King, I-Maine., and Rep. Mike Gallagher, R-Wisc. Their work now entails ensuring the commission’s recommendations are in place.
Both King and Gallagher say the U.S. is in a much better place now, but they also say there’s more work ahead.
“I think the biggest missing piece right now is almost done, and that is the cyber 'diplomacy' -- the establishment of the bureau in the Department of State, whose job it is to coordinate international activities with regard to cyber and establishing international standards,” King said.
Their work comes amid several high profile cyberattacks on major companies, including one last week at Uber in which the ride-hailing service said a single hacker got full access to cloud-based systems with sensitive customer and financial data.
This week King and Gallagher issued CSC 2.0’s second annual implementation assessment. Among the wins for the bipartisan team is the creation of a National Cyber Director in the Biden administration. Just last week, the Senate confirmed the nation’s first cyber ambassador.
But Gallagher added that the federal government's ability to expand cybersecurity staff is difficult in a world major U.S. companies focused on tech.
“I think we concluded that, even with flexible hiring and pay authorities ... NSA says DoD will never be able to compete with Amazon, Microsoft, when it comes to salary,” Gallagher said.
Both lawmakers have concerns about what the private sector is doing to protect itself from cyberattacks.
Chuck Brooks, a cybersecurity expert and adjunct professor at Georgetown University, says hackers could cause big problems if they accessed companies that manage our nation's infrastructure.
“Most of the companies in America are small, small, medium businesses. And they've become the primary target of a lot of these hackers,” Brooks told Spectrum News.
In states like Massachusetts, there’s been an effort at educating businesses. The Mass Cyber Center has a guide to prepare them to address cyber threats.
"The four areas of the minimum baseline are employee training, threat sharing, incident response planning, and then there's a fourth category, which is like best practices, you know, so cyber hygiene," Mass Cyber Center Director Stephanie Helm told Spectrum News.
October is cybersecurity month, and Helm says it's a perfect opportunity for those with questions about cybersecurity to get answers, as many businesses and organizations will put out tips and advice on steps you can take to protect yourself.