How the 119th Congress can move the needle on US cybersecurity



white house situation room 09082023 AP AP23251485160227

When the 119th Congress convenes in January, it must modernize the U.S. government’s approach to cybersecurity. This is not only about defending our national security; it is about growing our economic prosperity and ensuring the American way of life. 

This next Congress sits at an uncomfortable crossroads in our collective cyber defense. Threats are growing in frequency and complexity, yet there will be a congressional cyber brain drain. Deep, bipartisan expertise from Reps. Jim Langevin (D-R.I), Will Hurd (R-Texas), John Katko (R-N.Y.) and Mike Gallagher (R-Wisc.) will no longer be there to pull Congress forward.  

To be sure, Sens. Angus King (I-Maine), James Lankford (R-Okla.), Gary Peters (D-Mich) and Mark Warner (D-Va.) remain. And there is important new cyber leadership on the horizon from Reps. Chris Deluzio (D-Pa.), Pat Fallon (R-Texas), Andrew Garbarino (R-N.Y.), Chrissy Houlahan (D-Pa.), Morgan Luttrell (D-Texas) and others. 

AI is capturing attention for the moment, but we must remember that strong cybersecurity is a cornerstone for any successful artificial intelligence program. The congressional agenda for cybersecurity needs to build rapidly on the momentum of the past eight years to fully implement a comprehensive national cybersecurity strategy to protect our critical infrastructure, our federal IT systems, and individual Americans. 

We must continue to implement the recommendations of the Cyberspace Solarium Commission and other common-sense reforms. But Congress will need to do more and appropriate the funding to support it.

We need to continue to rethink our approach to public-private partnerships. The majority of American critical infrastructure is owned and operated by the private sector. It is therefore imperative that we foster a collaborative environment wherein information sharing is the norm. Incentivizing private companies to invest in cybersecurity through tax breaks, grants, and liability protections will create a more resilient national infrastructure. 

The Cybersecurity and Infrastructure Security Agency remains crucial to our cyber defense. CISA’s role in protecting federal networks, critical infrastructure, and election security cannot be overstated. Yet, with the new Trump administration, CISA’s role is expected to be under review. With increasing cyber threats from nation-states and non-state actors alike, we cannot afford to undermine this vital agency. Indeed, we must strengthen it, and even grow it.  

Congress must also support U.S. international engagement by developing legislation that sets rules of engagement for borderless behavior from bad actors. We can impose consequences through new legislation, even as prosecutions for state-enabled hacking should continue. The U.S. must lead in establishing norms and agreements on cyberspace behavior. This includes updating outdated legislation like the Computer Fraud and Abuse Act.  

It will also be critical for this next Congress to encourage engagement with allies and adversaries alike to set expectations and consequences for bad activity to stabilize the digital domain. This includes more authority for the State Department’s Bureau of Cyberspace and Digital Policy to advocate for the adoption of international laws and frameworks that govern cyber conduct consistent with American values such as transparency and the rule of law. 

Investing in the modernization of the federal government’s IT systems must be another critical priority, and Congress will have to appropriate the resources to both continuously improve them. These systems store critical data, including Americans’ personal data, and are under constant attack — yet are often painfully outdated.  

Passing a comprehensive federal privacy law remains a necessity, including providing a floor for data minimization and for data collection and transfers. This is not just about individual American’s personal cybersecurity and privacy. Indeed, there are national security risks to our foreign adversaries having easy access to our personal data. 

Our outdated federal privacy framework also means we are increasingly a global outlier, with implications for our economy, as protections for our cross-border data transfers come under scrutiny. 

Moreover, Congress must address the cybersecurity workforce shortage, both in the federal workforce and nationwide. The demand for skilled cybersecurity professionals far exceeds the supply. This gap leaves our nation vulnerable. Investing in education and training programs is essential. Scholarships for service programs, partnerships with universities, and apprenticeship programs can help build a robust cybersecurity workforce. 

Finally, public awareness and education are crucial. Cybersecurity is not just the government’s responsibility; it is a collective effort. Educating citizens about basic cyber hygiene can reduce the risk of cyber incidents. Public campaigns and school programs can play a vital role in building a cyber-aware society.

The 119th Congress must strengthen our national cybersecurity posture, and it will require all cyber-informed members to take leadership roles to tackle this challenge. But by building on past progress, we can make cyber great again. The time to act is now.

David Hickton is the founding director of the University of Pittsburgh’s Institute for Cyber Law, Policy, and Security (Pitt Cyber) and the former U.S. attorney for the Western District of Pennsylvania. Mark Montgomery, a retired rear admiral who served as director of operations at U.S. Pacific Command, is the senior director of the Center on Cyber and Technology Innovation and a senior fellow at the Foundation for Defense of Democracies and was previously the executive director of the Cyberspace Solarium Commission. 



Source link

About The Author

Scroll to Top