In a new report, the Cyberspace Solarium Commission (CSC) deems the system currently used to designate critical sectors as inadequate. CSC evaluates the state of the public-private sector relationship, underlines flaws in policy implementation, and provides recommendations on how to change it to improve national security.
Their assessment is that the administrations incremental approach, is not delivering the necessary improvements to Sector Risk Management Agencies (SRMA) performance, especially as both physical and — especially — cyber threats to the country’s critical infrastructure continue to escalate.
The report further identifies flaws in both the design and implementation of public-private collaboration policy and argues that these flaws are amplified by discrepancies in the structure, resourcing, and capabilities of SRMAs. In short, the performance of SRMAs is inconsistent at best and wholly deficient at worst.
Finally, the report indicates that the current systems for designating sectors as critical and for mitigating cross-sector risks are inadequate. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) is unable to fulfill its responsibilities, and it does not receive the interagency support necessary to act effectively as the national risk manager.
From The Shadows Emerges Knowledge