In 2016 the ISA published a 12-step program for Congress and the new Administration to address the growing cybersecurity threat. Number 4 on the list (after act with greater urgency, spend more money, and understand cybersecurity is not just about IT) was that “Government needed to get organized to reflect the digital age.”
Yesterday the co-chair of the Cyberspace Solarium Commission created by Congress to address our cybersecurity problems, Sen. Angus King said pretty much the same thing as the ISA report: “If you have a sloppy confusing, bad structure you’re going to have sloppy confusing bad policy.” Apparently, another Commission recommendation will be to enhance the role of cyber insurance.
Not exactly the same as the Solarium Commission, but as we say, close enough for government work.
The problem is that government generally does a really bad job listening to the multiple expert commissions the government and industry put in place to assess how to better address the massive and growing cyber threat. We get report after report often saying much the same thing and nothing happens.
Over the last 10 years we have had multiple commissions on cybersecurity. We had the Hathaway 60-Day Cyber Review, we had the House GOP Task Force on Cybersecurity, we had an internal process leading to President Obama’s Executive Order 13636. We had Obama’s own Commission (as he was leaving office). They all said many of the same things — mostly not implemented.
Just two years ago then-DHS Assistant Secretary for Cybersecurity Manfra appointed a joint industry-government task force on defining collective defense — one of their principle recommendations was the government ought to implement the consensus conclusions of all the commissions we have seen make reports. That hasn’t happened either.
The big idea (good idea) in the Solarium Commission was that since it was created by act of Congress and had a few Senators and Members actually working on the Commission that the good ideas could get actual traction. So far from initial reports they are going to endorse some really good ideas – like reorganizing the government cyber apparatus – not really a new idea but still a good one.
On Broadway this year there is revival of what some say is the greatest musical of all time – My Fair Lady. The signature song from My Fair Lady includes these lyrics “Words, words, words. I’m so sick of words. I hear words all day through. First from them, now from you. Is that all you people can do?… Don’t talk of spring, don’t talk of fall, don’t talk at all, show me! Show me now!”
We are at the stage where we really don’t need more words. The reality is that the cyber threat is massive and getting much worse all the time. The senators and members on the Commission need to take the recommendations – better yet take the consensus recommendations from all these commissions and introduce legislation and fight for them. Put holds on bill riders on must-pass legislation doing real things. No easier low-hanging fruit. Do things like your recommendations — like streamlining our government process.
The Solarium Members are all warmed up. It’s time to sing. Don’t wait for spring, don’t wait for fall, don’t wait at all. Show us!