Cyberspace Solarium Commission warns over slow progress on supply chain risk
The landmark Cyberspace Solarium Commission warned Thursday in an annual report that major barriers remain over the designation of cybersecurity responsibilities under the Defense Production Act (DPA).
In its initial report, published in March last year, the commission called on the federal government to use the DPA to foster domestic production of critical technology and components, and to ensure resources are available if foreign supply chains are disrupted.
Under the Defense Production Act, the federal government can invoke the authority to compel the private sector to prioritize certain contracts, as has occurred during the COVID-19 pandemic with companies such as 3M being compelled to produce masks and other medical equipment.
The report explains that regarding cybersecurity responsibilities related to the DPA, the commission “has encountered significant pressure against this recommendation, which is one of the four that face known significant barriers to implementation,” as it expected.
Other areas for concern identified in the annual report on implementation include progress in the creation of permanent select committees on cybersecurity in the House and Senate.
The report found also that major obstacles will need to be overcome before a national law on data security and privacy protection can be passed.
The latest document represents a progress update on the implementation of recommendations from the initial Cyberspace Solarium Commission report. Of recommendations included in the initial report, 22% have so far been implemented, 13.4% are nearing implementation, and 43.9% are identified as being “on track.” However, progress has been limited on 15.9% of proposals, and significant barriers remain in enacting 4.9% of recommendations.
However, the report also highlighted a number of core recommendations that so far have been achieved by the White House, including the creation and appointment of the role of National Cyber Director, provisions to strengthen the Cybersecurity and Infrastructure Security Agency, the codification of sector risk management agencies, and the launch of a joint cyber planning office.
“The Commission is proud of its progress but recognizes that in order to determine where we go next in cybersecurity, we must be clear eyed about what is not working,” the report said.
The commission is chaired by Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wisc.