March 10, 2017

New Democrat Coalition Urges President to Prioritize Cybersecurity

New Democrat Coalition Members sent a letter to President Trump urging him to prioritize cybersecurity issues in the budget, including building the cyber workforce, strengthening public-private partnerships, and investing in cyber infrastructure. New Democrat Coalition Cybersecurity Task Force Co-Chairs Derek Kilmer, Kathleen Rice and Josh Gottheimer led the letter to President Trump which includes over 30 signatories.

“As Members of the New Democrat Coalition, we believe the future of our nation’s security will depend on our ability to operate effectively in the cyber domain. The Internet and online resources are indispensable for business, government services, and communication networks. We believe we need a tough and smart security policy to protect average citizens, businesses and government agencies alike,” Members wrote in the letter.

New Democrat Coalition Members are leaders within the Democratic Party on cybersecurity and national security issues, with approximately half of the New Dem Coalition members serving on one of the national security committees. New Democrats serve as the top Democrats on the Armed Services, Intelligence, and Foreign Affairs Committees.

 

A copy of the letter can be found here or below:

 

President Donald J. Trump                                                                                                    

The White House

1600 Pennsylvania Avenue NW

Washington, D.C. 20500

 

President Trump,

As Members of the New Democrat Coalition, we believe the future of our nation’s security will depend on our ability to operate effectively in the cyber domain. The Internet and online resources are indispensable for business, government services, and communication networks. We believe we need a tough and smart security policy to protect average citizens, businesses, and government agencies alike.

As recent high profile data breaches and cyber incidents have taught us, our online activities face increasing threats from nation-states, criminal rings, and cyber “hacktivists” intending to disrupt and disable critical systems and data. We learned these lessons from the cyber-attack on the Office of Personnel Management, compromising more than 21 million personnel records; the North Korean attack on Sony, costing the company $35 million; the 2013 data breach from Target, costing $135 million; and the hack of the Democratic National Committee, which led to the release of a significant amount of sensitive information. With this in mind, it is clear that cyber-attacks have very real and costly consequences.

We write to highlight the importance of making smart cybersecurity investments, which will more than pay off in the long run. Specifically, we encourage you to focus on making substantial improvements and investments in the following areas:

Building the workforce – Through increased investments in basic research and cybersecurity curricula in colleges and universities, we can build a pipeline of better trained cyber professionals entering both the government and private sector workforces. In turn, more research emerging from these academic centers means more innovation and better capabilities to prevent and mitigate cyber-attacks. We also encourage you to prioritize pursuing non-traditional education efforts such as offering debt forgiveness in exchange for serving the federal government in an IT role and supporting apprenticeship programs that enable veterans and other professionals to work as cybersecurity practitioners with 21st century skills in the public sector. This focus would also help address veteran unemployment, improve regional economies, and strengthen the security of our utilities, dams, and other public infrastructure.

Enabling government to lead by example – The government’s protective capabilities are slowly improving, but not fast enough. Many government systems still run on outdated systems such as the Windows XP operating system that Microsoft ceased supporting with upgrades and patches in 2014. With that in mind, the government is ill-suited to make regulatory demands on private industry regarding how to improve system security. The government needs substantial investment in IT modernization, including the latest commercial off-the-shelf technologies that can secure civilian government and defense systems under constant attack.

Strengthening Public-Private Partnerships – One of the most effective levers of government power in cybersecurity is its convening authority.  We should do more to encourage companies and government agencies to come to the table to solve shared problems. 

The National Institute of Standards and Technology (NIST) has led the way for government and industry collaboration to develop technical and operational cybersecurity guidance. Successful collaborative efforts have resulted in widely recognized and adopted practices such as the 2014 NIST Cybersecurity Framework. NIST is in a primary position to bring government, industry, and academic stakeholders together to identify and remediate emerging cyber threats.  Unfortunately, it cannot do so effectively with its currently limited budget. We encourage you to provide robust funding levels to NIST so it can take a lead role in developing and widely implementing security standards.

 

Likewise, the Department of Homeland Security (DHS) has developed many programs that offer assistance to state governments and the private sector. However, these programs are stretched thin, greatly limiting their reach. We urge you to develop a dedicated grant program for cybersecurity preparedness for state and local governments, as well as a substantial buildout of personnel and technology for the National Cybersecurity and Communications Integration Center – the nation’s central watch, warning, and incident response collaboration between industry and government.

Investing in infrastructure – The nation’s electric grid, water purification systems, nuclear power plants, dams, and other computer-control systems are under serious threat of infiltration and attack. When it comes to critical infrastructure, cybersecurity is a matter of physical security and protecting American lives. Investments in our country’s infrastructure must include a focus on our nation’s critical infrastructure and the digital systems that secure and protect their operations. We need to work closely with the private sector stakeholders that own and operate these vital infrastructure control systems to provide research, incentives, and matching funds to fortify what has become the nervous system of our economic and homeland security.

Thank you for your consideration of these critical priorities. We look forward to finding constructive ways to work together to advance smart national security policies, improve our cybersecurity systems, and keep Americans safe.

Sincerely,



--->