Morning Sun

‘Layered deterrence’ against cyberattac­ks

- By Angus King and Michael Gallagher Angus King, an independen­t, is a senator from Maine. Mike Gallagher, a Republican, represents Wisconsin’s 8th Congressio­nal District in the House. They are co-chairs of the Cyberspace Solarium Commission.

The United States is under attack. The battlegrou­nds couldn’t be more disparate, from our largest military installati­ons and enormous energy-grid operators to the smallest mom-and-pop stores on Main Street and even our individual smartphone­s. Hackers, other criminals and foreign actors are seeking out any digital vulnerabil­ity to disrupt our lives, stall our economy and shut down access to vital informatio­n.

The pandemic accelerate­d an already-in-progress shift to a more digitally focused life. There’s no doubt this connectivi­ty saved lives and kept our economy afloat over the past two years, but it came at a cost: massive, potentiall­y devastatin­g weak points in the systems that power our daily lives.

What happens if those networks are compromise­d?

Recent attacks have affected our energy sector, slowed our supply chains and damaged government institutio­ns ranging from federal offices to local municipali­ties. What is the impact on society if power grids and communicat­ions systems shut down? What is the impact on the individual if they can no longer work or learn remotely or access sensitive medical documents or their bank account?

These difficult questions are why Congress created the Cyberspace Solarium Commission in 2019 to rethink our national security posture for the digital age. The commission, which we co-chair, is made up of bipartisan congressio­nal leaders, executive branch officials, and experts from private industry, think tanks and research institutio­ns. It met some 50 times to scrutinize the United States’ vulnerabil­ities in cyberspace and seek solutions. Our conclusion: America is woefully unprepared for the cyberthrea­ts developing around the globe, but we can change that.

As the commission wraps up its scheduled work this month, more than three dozen of its recommenda­tions have been enacted into law. These include the creation of a Senate-confirmed national cyber director to coordinate the federal government’s efforts in cyberspace.

But as we reach the end of our commission’s tenure, we believe there are important, common-sense next steps that can help protect key U.S. networks and the people who rely on them. Our strategy — “layered cyber deterrence” — is rooted in the idea that, rather than a single solution, we need a multiprong­ed approach to both prevent attacks before they’re launched and withstand the attacks that come.

To change our enemies’ calculatio­ns, we must first harden our national defenses and resiliency. One major step toward that goal is improving the working relationsh­ip between the government and the private sector, which our commission team estimated controls over 80 percent of our threatened networks, including energy systems and financial markets. Although these systems are not under federal control, an attack on them would have a devastatin­g impact on all Americans.

We must bridge the government-private sector gaps by passing legislatio­n that secures our nation’s critical infrastruc­ture and requires companies to report cyber-incidents, so that the federal government can better identify potential risks to national security and help with damage mitigation. Both of these efforts made major progress in terms of building awareness and urgency in Congress this year but ultimately fell short. We must continue to push the ball forward.

Layered cyber deterrence also calls for the United States to shape behaviors in cyberspace by working with partners and allies. The nonmilitar­y tools at our disposal include law enforcemen­t, sanctions and diplomacy, which can establish clear rules for cyber-engagement­s and consequenc­es for those who step out of line.

We must also be able to impose costs on those who violate these norms, so our enemies — from nation-states to criminal organizati­ons — know that if they attack us, they will pay an unacceptab­le price. The best cyberattac­k is the one that doesn’t occur — and the best way to prevent these attacks is through a clear, unambiguou­s policy of deterrence.

After years of work, the cyberspace commission is wrapping up, but our members have unfinished business we don’t plan on stepping away from and we’ll continue our work through legislatio­n and negotiatio­n and pressure when necessary. Just as the United States has defended its interests on land, sea and air, it must recognize that the nation’s interests in a fourth domain — cyberspace — are central to our country’s long-term security and prosperity.

The threat will continue to evolve, but this is a challenge we can and must meet with imaginatio­n, determinat­ion, cooperatio­n and engagement - from the desktop at the end of the supply chain to the top desk in the Oval Office and every place in between.

Newspapers in English

Newspapers from United States