US must do more to stop cyberattacks, bipartisan commission finds

A group of lawmakers called the Cyberspace Solarium Commission says significant changes are needed to address vulnerabilities.

Erin Carson Former Senior Writer
Erin Carson covered internet culture, online dating and the weird ways tech and science are changing your life.
Expertise Erin has been a tech reporter for almost 10 years. Her reporting has taken her from the Johnson Space Center to San Diego Comic-Con's famous Hall H. Credentials
  • She has a master's degree in journalism from Syracuse University.
Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Erin Carson
Laura Hautala
2 min read

There's a new report out on cyberattacks against the US. 

Graphic by Pixabay/Illustration by CNET

The US is at risk for cyberattacks both small and catastrophic, according to a report out Wednesday by a US congressional panel. After months of study, the bipartisan Cyberspace Solarium Commission is calling for wide-ranging cybersecurity changes, including government reforms and better collaboration with the private sector. 

"A major cyberattack on the nation's critical infrastructure and economic system would create chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest, and hurricanes in the Southeast," read a letter from the organization's co-chairmen, Sen. Angus King of Maine and Rep. Mike Gallagher of Wisconsin.

The solution is to deter more attacks to begin with, the lawmakers said. That means encouraging better norms around the world, taking away easy targets in US infrastructure, and finding new ways to retaliate against hacks. To get there, the roughly 182-page report makes more 80 recommendations around a six core pillars. Among the recommendations are establishing a National Cyber Director and that Congress should pass a national data security and privacy protection law.

The report addresses ongoing concerns that the US is vulnerable to destabilizing cyberattacks. More than stealing data or spying on US businesses and government agencies, cyberattacks cause destruction. Ransomware, for example, can lock up valuable systems that keep hospitals or cities running, and often permanently destroys valuable data. Other attacks could take out utilities like electricity or water but would be limited to specific regions because the US has a fragmented system for delivering these services.

To deter these attacks, the US needs to build up resilience, the lawmakers said, or "the capacity to withstand and quickly recover from attacks that could cause harm or coerce, deter, restrain, or otherwise shape U.S. behavior."

The Cyberspace Solarium Commission was founded in 2019 to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences," according to its website.

Watch this: Jeff Bezos' phone hack started with a WhatsApp message: a timeline