Under Trump, Cybersecurity Has Waned

Credit to Author: Ishan Mehta| Date: Thu, 20 Jun 2019 13:00:00 +0000

According to recent polling, Americans view malicious cyber activity as their top security concern—ahead of the economy, nuclear threats, and ISIL. This fear is well-justified. Within the last couple of years, there have been cyberattacks in the United States against the electoral system, the financial industry, the power grid, and hospitals.

Ishan Mehta is a policy adviser for the National Security Program at Third Way and the 2019 Young Professionals in Foreign Policy Cybersecurity and Technology Fellow.

Despite these events, the US government is simply not doing enough to combat the burgeoning threat of cybercrime. A recent report I coauthored estimated that for every 1,000 cyber incidents, just three see an enforcement response. Malicious cyber actors outside the US are acting with impunity, and, understandably, fear no consequences from the harm they impose on Americans.

Though the White House has not opposed specific legislation coming out of Congress—the president has signed all the cybersecurity bills sent to his desk—it also has not demonstrated an overarching strategy necessary to combat this pressing issue. In fact, the Trump administration is actively undoing the progressive cybersecurity policy of past administrations. The role of the White House Cyber Coordinator was eliminated by John Bolton in order to consolidate power at the National Security Council. Former secretary of state Rex Tillerson removed the Office of the Coordinator for Cyber Issues, which had served as an important diplomatic arm for US cyber diplomatic efforts. The White House’s 2018 budget zeroed out funding for the biggest digital evidence training center in the country.

All this leads me to conclude that for the president and his administration, cybersecurity is simply not a priority. As a result, Congress has been left to its own devices to enact a comprehensive strategy that aims to identify, stop, and punish malicious cyber actors. Congress has too often abdicated this role, relying on lobbyists to draft legislation. Some have complained that the depletion of resources has hindered them from doing their job properly. But even without leadership from the White House, there is a lot more Congress can do.

The good news: Congress is introducing more bills on cybersecurity. My colleague and I at Third Way counted 226 pieces of legislation that focused primarily or tangentially on cybersecurity from 2017 through 2018; a few years ago, the 114th Congress introduced only 22 bills on the issue. However, less than 14 percent of these 226 bills—and only two of the 10 bills signed into law—imposed consequences on malicious actors or built up efforts to counter cybercrime.

The House Homeland Security committee has voiced frustration that the Senate has consistently failed to advance bills passed by the House. Still, the fact remains that it is up to Congress to overcome systemic dysfunction and pass more productive bills on this critical issue.

The Cyber Solarium Commission, which was signed into law last year, presents an opportunity to study the pertinent issues and develop concrete policy solutions. Its 14 members were announced in May. The Commission will have full subpoena power; all government agencies are required to cooperate with it. Further, no information may be withdrawn on security classification grounds, echoing the parameters of the 9/11 Commission.

Even if outstanding questions about Russia and election interference face opposition from the current administration, the commission's fact-finding inquiries and the advancement of a decisive cyber vision could provide a baseline for the next administration to build upon.

While the Cyber Solarium Commission may not be a one-shot solution, it has the power to create a sweeping set of policies to identify, stop, and punish malicious cyber actors. Congress should put its full force behind the commission to achieve those goals.

WIRED Opinion publishes articles written by outside contributors, representing a wide range of viewpoints. Read more opinions here. Submit an op-ed at opinion@wired.com

https://www.wired.com/category/security/feed/