The U.S. Federal Cyberspace Solarium Commission issued its long-awaited report last week and warned of a “catastrophic attack that leaves the nation in tatters”. While right now everyone is worried about Covid-19, this represents a longer-term problem that won’t be fixed in a few months.
The report creates a vivid hypothetical attack and is written from the point of view of an unnamed U.S. legislator.
Kind of like with Covid-19, in this hypothetical attack “everything went so wrong, so fast”.
In the narrative, the Potomac River is polluted by toxic chemicals from treatment plants that were hacked; an attack on the city’s floodwater management system leaves an oily sludge in front of the Lincoln Memorial; the debris of drones litters the city after they were hijacked and crashed into crowds like torpedoes; and finally there is a toxic rail accident in Baltimore after the control system was compromised.
The report also provides a slew of recommendations – many of which will be hard to swallow.
For example, to better secure Internet of Things devices, the report suggests moving away from a “first to market” philosophy to one with better security. I predict that will only happen if laws hold companies financially liable for their insecurity – something that has already started in California.
In fact, the report recommends that final goods assemblers be held responsible for damages as a result of cybersecurity incidents.
It makes suggestions around changing Sarbanes-Oxley to include more cybersecurity requirements.
Another recommendation is for the government to clean up its own act. Currently there are a lot of cooks in the federal government’s cybersecurity kitchen and that is creating a lot of confusion.
It also suggests that Congress reorganize its committees that really don’t deal well with cybersecurity. I think we need to reorganize the Congress people and find some who understand the problem, but that is a separate issue.
The report goes on and makes a lot more recommendations, but now it is up to the federal government to actually act. The alternative is the response we currently have to Covid-19, which is, in my opinion, a bit of a train wreck in slow motion.
One way or another, these cyberattacks will continue and increase, as we are already seeing during the Covid-19 pandemic. During this pandemic, hospital and government systems are being hit by cyberattacks, slowing response and distracting first responders from their mission. Source: Verdict