House Cyber Report: Current Defenses Are Inadequate

Offers priorities for action
Author:
Publish date:

The House Energy & Commerce Committee's Subcommittee on Oversight and Investigations has released some recommendations for addressing cybersecurity vulnerabilities based on briefings, hearings reports, round-tables and other input.

It is also based on the conclusion that current cyber defenses aren't cutting it. "[T]raditional information technology strategies seem largely ineffective at stemming the growing tide of cybersecurity incidents—which now range from ransomware attacks that can hold an entire company hostage to hackers’ exploitation of a security vulnerability in the latest cellphone model," the committee said.

That came in a Cybersecurity Strategy Report Friday (Dec. 7), the result of several year's work.

The subcommittee boiled all that fact-finding down to six priorities: 1) "The widespread adoption of coordinated disclosure programs [because there will always be unknowns]. 2) The implementation of software bills of materials across connected technologies [because you cant protect what you don't know you have"]. 3) The support and stability of the open-source software ecosystem [because software is now assembled rather than written]. 4) The health of the Common Vulnerabilities and Exposures (CVE) program [because there needs to be a common cybersecurity language]. 5) The implementation of supported lifetimes strategies for technologies [because digital assets age faster and more unpredictably than physical ones]. 6) The strengthening of the public-private partnership model [because cybersecurity demands a holistic approach]."

The report came the same day that Sen. Mark Warner (D-Va.) lit into the Congress, the Administration, and past congresses and administrations, for doing too little to secure networks and data while our adversaries were launching attacks in cyberspace with relative impunity.

He called for swift action, including better protecting data and networks, prioritizing defense spending for cyber and information operations, and educating the public on what is at stake and at risk, including the nation's security and their personal data.

Related