The new cybersecurity report is a follow-up to the center's 2008 report, Security Cyberspace for the 44th Presidency, which provided cybersecurity recommendations for the incoming president.
“We thought then that securing cyberspace had become a critical challenge for national security, which our nation was not prepared to meet. In our view, we are still unprepared”, said CSIS in its follow-up report, Cybersecurity Two Years Later.
The new report blames opposition from internet companies, turf wars within the administration, and crises in other areas for the lack of cybersecurity progress.
The 2008 report recommended that the administration develop a comprehensive approach to tackling cybersecurity. “The United States still lacks an integrated national cybersecuritystrategy….The goal for 2011 should be to issue a comprehensive national strategy based on new ideas rather than recycling” the 2003 National Strategy to Secure Cyberspace put out by the Bush administration, the 2011 report said.
In addition, while the Department of Homeland Security is responsible for defending the civilian government’s cyberspace and the Department of Defense is responsible for the military networks, no body is responsible for defending the privately owned critical infrastructure networks, CSIS observed.
“Identifying progress in 2011 will be simple. If the nation passes laws and the administration issues effective regulations for critical infrastructure, there has been progress. These should include mandatory improvements in authentication of identity for critical infrastructure. No regulations mean inadequate progress”, the study said.
“The cybersecurity debate is stuck. Many of the solutions still advocated for cybersecurity are well past their sell-by date. Public-private partnerships, information sharing, and self-regulation are remedies we have tried for more than a decade without success. We need new concepts and new strategies if we are to reduce the risks in cyberspace to the United States”, the report concluded.