The US is at risk for cyberattacks both small and catastrophic, according to a report out Wednesday by a US congressional panel. After months of study, the bipartisan Cyberspace Solarium Commission is calling for wide-ranging cybersecurity changes, including government reforms and better collaboration with the private sector.
"A major cyberattack on the nation's critical infrastructure and economic system would create chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest, and hurricanes in the Southeast," read a letter from the organization's co-chairmen, Sen. Angus King of Maine and Rep. Mike Gallagher of Wisconsin.
The solution is to deter more attacks to begin with, the lawmakers said. That means encouraging better norms around the world, taking away easy targets in US infrastructure, and finding new ways to retaliate against hacks. To get there, the roughly 182-page report makes more 80 recommendations around a six core pillars. Among the recommendations are establishing a National Cyber Director and that Congress should pass a national data security and privacy protection law.
The report addresses ongoing concerns that the US is vulnerable to destabilizing cyberattacks. More than stealing data or spying on US businesses and government agencies, cyberattacks cause destruction. Ransomware, for example, can lock up valuable systems that keep hospitals or cities running, and often permanently destroys valuable data. Other attacks could take out utilities like electricity or water, but would be limited to specific regions because the US has a fragmented system for delivering these services.
To deter these attacks, the US needs to build up resilience, the lawmakers said, or "the capacity to withstand and quickly recover from attacks that could cause harm or coerce, deter, restrain, or otherwise shape U.S. behavior."
The Cyberspace Solarium Commission was founded in 2019 to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences," according to its website.