
Time to restore America’s cyberspace security system

China’s campaign to break into our critical infrastructure and federal government networks is persistent and growing. Beijing is stealing information while also planting tools and maintaining access in key systems, giving it the option to pressure the United States in the future. Russia also continues to test our critical infrastructure with increasingly sophisticated operations, support criminal operations, gather intelligence, and possibly prepare for future disruption of essential services. Iran and North Korea are also ramping up disruptive attacks on hospitals, schools, local governments, and global commerce. Our adversaries’ offensive cyber operations are not slowing down. But America’s cyber defenses are falling behind.

When Congress created the Cyberspace Solarium Commission in 2019, our mandate was clear: prevent a cyber catastrophe before it strikes. We remember sitting with the commissioners — Republicans, Democrats, industry leaders, and national security veterans — knowing we were attempting something no country had tried before: to build a strategy for defending a digital society at scale. We delivered that strategy, along with 116 actionable recommendations. Many of those reforms reshaped federal cyber policy, and for a time, the United States was gaining ground.

Today, we are seeing erosion across core pillars of America’s cyber posture. Cybersecurity mission capacity is strained; public-private collaboration is losing momentum; federal agencies are operating without stable leadership; and coordination with allies — once one of our greatest strategic advantages — is failing to keep pace with our adversaries who now operate globally and relentlessly. These are not routine dips in activity. They are symptoms of strategic drift.

To reverse that drift, we must recover the clarity and urgency that guided the commission. The entire architecture of layered cyber deterrence depends on stable leadership, predictable budgets, continuous cross-sector collaboration, strong norms, international partnerships, and a healthy cadence of congressional oversight.

The first, most immediate step is obvious: the Cybersecurity and Infrastructure Security Agency (CISA) needs Senate-confirmed leadership and sustained multi-year funding. The agency responsible for advising the entire nation on cybersecurity risk is operating without stable direction at a time of rising threats. CISA has lost approximately one-third of its workforce through reductions and departures while its funding is constantly in flux. The Senate must move swiftly to confirm Sean Plankey—or whoever else is nominated—so CISA can regain the momentum and continuity required to fulfill its role.

Second, the federal government’s cybersecurity workforce crisis must be treated as a national security emergency. Agencies are still bound to hiring models built for the 20th century: rigid classifications, slow timelines, and at-will structures that make it far too easy for private industry to lure talent away. The administration needs to grow, not simply maintain, the CyberCorps: Scholarship for Service — one of our most successful talent pipeline programs for the federal government — which brings highly trained students into agencies in exchange for paying for several years of their education. Even its graduates, fully funded by federal scholarships, run headfirst into hiring barriers and freezes that have nothing to do with skills and everything to do with process.

Third, we must reinstate mechanisms for public-private collaboration. The elimination of the Critical Infrastructure Partnership Advisory Council has created legal uncertainty that chills information sharing between government and industry. Congress’ failure to authorize a long-term extension of the Cybersecurity Information Sharing Act of 2015 creates even more uncertainty about private companies’ ability to share threat information with the government and each other. Most critical infrastructure is privately owned and operated, and we cannot defend it without genuine partnership. Restoring structured collaboration channels is essential to our collective defense.

Lastly, we must rebuild our cyber diplomatic capacity. At the State Department, the seat for the ambassador-at-large for cyberspace and digital policy sits vacant — a troubling signal at a moment when authoritarian regimes are aggressively exporting their vision of a controlled, surveilled internet. The administration should nominate, and the Senate should move urgently to confirm, a new ambassador who can represent American interests in shaping international cyber norms, building allied capacity, and countering digital authoritarianism. The State Department’s Bureau of Cyberspace and Digital Policy’s mission capacity has been gutted through restructuring. Congress should restore personnel and establish consistent funding for capacity-building programs with our partners.

In 2020, the Solarium Commission warned that America could not wait for catastrophe to spur action. That warning stands today. Cybersecurity has long been one of the rare domains that still invites bipartisanship. We should seize that advantage rather than squander it. Congress — on both sides of the aisle — has the capacity to act.

Jim Langevin served in U.S. Congress for 22 years, representing Rhode Island’s second congressional district. He is now the chair of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation (CCTI) and the distinguished chair of the Institute for Cybersecurity and Emerging Technologies at Rhode Island College.

RADM (Ret.) Mark Montgomery is CCTI’s senior director and served as the executive director of the congressionally mandated Cyberspace Solarium Commission.

The post Time to restore America’s cyberspace security system appeared first on CyberScoop.

Government and industry must work together to secure America’s cyber future

At this very moment, nation-state actors and opportunistic criminals are looking for any way to target Americans and undermine our national security. 

Their battlefield of choice is cyberspace.

Cybersecurity is the preeminent challenge of our time, and threats to our networks impact far more than just our data––they impact the resilience of our communities, the continuity of our economy, and the security of our homeland. 

Widespread cyber intrusions by Salt Typhoon and Volt Typhoon continue to demonstrate the Chinese Communist Party’s unrelenting quest to steal intellectual property, surveil government officials, and pre-position themselves in our nation’s critical infrastructure to disrupt our way of life at a time of their choosing. Russia, Iran, and North Korea are also probing for vulnerabilities to exploit in our networks.

Any cyberattack can cascade across the essential services that Americans rely on every day—from our airports and hospitals to water treatment facilities, internet providers, and financial systems. Making America cyber strong is not a challenge for one agency or one sector. It is a whole-of-society mission.

As chairman of the House Committee on Homeland Security, I will work with the Trump administration to ensure our nation’s risk advisor, the Cybersecurity and Infrastructure Security Agency (CISA), succeeds in its core mission of protecting federal civilian networks and the critical infrastructure that supports our daily lives. 

The private sector owns or operates most of this infrastructure, and it is no surprise that cyberattacks against these services rose more than 30 percent from 2023 to 2024. Addressing these heightened threats requires more than reactive measures. It demands a proactive cybersecurity posture built on continuous collaboration between the government and industry. 

The Trump administration and Congress must ensure the private sector has a true seat at the table as we chart a course for long-term cyber resilience. Priorities should include preserving strong information sharing, reducing the duplicative and conflicting government compliance standards on businesses, bolstering the cyber workforce, supporting our state, local, tribal, and territorial government entities, and safely harnessing emerging technologies to enhance the capabilities of our cyber defenders. 

These solutions require urgency, but as Cybersecurity Awareness Month comes to a close, the government shutdown has also allowed for important cybersecurity tools to lapse. This lapse is undermining the important public-private sector relationship that underpins our collective defense. 

For the last decade, the Cybersecurity Information Sharing Act of 2015 provided an essential foundation for this partnership. The law enables industry to have honest and sensitive conversations with the federal government, and each other, about the threats facing our networks. This framework also protects the privacy and civil liberties of American citizens when cyber threat information is shared. There has been a tangible impact from these authorities: without this law, we would not know about threat actors, such as Salt Typhoon, compromising our privately-owned critical infrastructure systems. Senate Democrats must pass the House Republican clean continuing resolution to reopen the government and extend this critical authority. Then we must find a longer-term solution to preserve this cybersecurity tool while ensuring it remains relevant to the threat landscape.  

As America’s cyber professionals face heightened threats, they also face increased federal compliance standards. According to testimony before the House Committee on Homeland Security, which I now chair, “bank Chief Information Security Officers now spend 30-50 percent of their time on compliance and examiner management. The cyber teams they oversee spend as much as 70 percent of their time on those same functions.” 

Our cyber regulatory regime should incentivize meaningful security improvements and facilitate actionable information sharing. It cannot be designed in a way that drains resources or slows the ability of companies to respond to fast-moving threats. This year, the average cost of a data breach in the United States reached $10 million, roughly double that of the global average. The exorbitant cost is, in part, due to U.S. cyber regulatory costs.

Congress, in partnership with CISA and the National Cyber Director, must help harmonize duplicative and vague cybersecurity regulations across the federal government so cyber professionals spend less time on paperwork and more time doing what they do best: defending our networks.

Keeping our cyber defenders focused on our networks is vital, especially considering we already face a gap of 500,000 skilled professionals in our current workforce. Closing this gap and building a pipeline of highly skilled professionals across both public and private sectors is essential to meeting the nation’s security needs.

Where that gap persists, artificial intelligence (AI) can serve as a force multiplier for our cyber defenders. We have already seen how AI can significantly enhance threat hunting, response times, and pattern recognition in our networks. But adversaries, like China, are also investing heavily in AI to enhance their own offensive cyber operations, including attempts to compromise or weaponize AI models. That reality makes it crucial that security and safety considerations are built into every stage of AI’s development, deployment, and use.

At the same time, the federal government must avoid reactive and scattershot regulation as our nation’s AI innovators work to win the global AI race. It is important for Congress, the Department of Homeland Security, interagency partners, and the private sector to work together to ensure that we don’t fall behind our adversaries in AI innovation while safeguarding our national security and civil liberties.

Accomplishing any of these goals will depend on mutual trust and collective effort. With a new administration dedicated to restoring accountability in government, we must seize this opportunity to help rebuild Americans’ confidence in the federal cybersecurity and resilience mission.

Cybersecurity remains vital for the safety, security, and prosperity of the American people. We must decide the future of our national cyber defense before our adversaries decide it for us. 

Rep. Andrew Garbarino has represented New York’s Second Congressional District in Congress since 2021. He serves as chairman of the House Homeland Security Committee, and also serves on the House Ethics and House Financial Services Committees.

The post Government and industry must work together to secure America’s cyber future appeared first on CyberScoop.
