Cybersecurity Two Years Later

When CSIS published Securing Cyberspace for the 44th Presidency two years ago, cybersecurity was not a major issue for public policy. Along with the work of many others, our first report helped to change this. However, the new energy in the national dialogue on cybersecurity has not yet translated into sufficient progress. We thought then that securing cyberspace had become a critical challenge for national security, which our nation was not prepared to meet. In our view, we are still unprepared.

2010 should have been the year of cybersecurity. It began with a major exfiltration of data from Google and other Fortune 500 companies, saw the Department of Defense describe how its classified networks had been compromised, watched the Stuxnet worm cut through industrial control systems, and ended with annoying denial of service attacks over Wikileaks. These public incidents were accompanied by many other exploits against government agencies, companies, and consumers. They show how the United States is reliant on, but cannot secure, the networks of digital devices that make up cyberspace. As a nation, we must do more to reduce risk, and we must do it soon. Our 2008 report had 25 recommendations for change. As we start a new year and a new Congress, we want to review where progress has been made on these recommendations and where action is necessary.