June 23, 2020

Letter Urging Senate Leadership Support for S. 3712, the "CYBER LEAP Act of 2020" and for Cybersecurity Grand Challenges

The Honorable Mitch McConnell

Majority Leader

U.S. Senate

317 Russell Senate Office Building

Washington, DC 20510

The Honorable Charles Schumer

Minority Leader

U.S. Senate

322 Hart Senate Office Building

Washington, D.C. 20510


Dear Majority Leader McConnell and Minority Leader Schumer:

On May 13, 2020, S.3712, the ‘‘Cybersecurity Competitions to Yield Better Efforts to Research the Latest Exceptionally Advanced Problems Act of 2020’’ – known as the ‘‘CYBER LEAP Act of 2020” – was introduced by a bipartisan group of Senators. The undersigned coalitions urge support for cybersecurity grand challenges and look forward to working with Congress on this initiative.

The COVID-19 pandemic has underscored the magnitude of America’s reliance on cyber-related infrastructure, goods and services. It is this infrastructure that has supported this country’s resiliency, as telework, telehealth, distance education, and all manners of communication technologies have ensured the ability to continue conducting business and connecting with friends and family.

The heightened role that these technologies play now and in the future is threatened by several critically important and complex cybersecurity challenges that require urgent attention. The National Security Telecommunications Advisory Committee (“NSTAC”) highlighted these issues in its 2018 “Report to the President on a Cybersecurity Moonshot,” which called for the Trump Administration to declare a national strategic intent to: Make the Internet safe and secure for the functioning of Government and critical services for the American people by 2028.1 As part of this effort, the NSTAC called for “national strategic plans to accelerate growth in…critical technology areas, including through targeted ‘Cybersecurity Grand Challenges’” that would be a focus for new initiatives and investment.

Grand Challenges are a useful model for innovative solutions to seemingly intractable problems. Challenges can focus and accelerate whole-of-nation innovation, and have been successfully leveraged in domains like space, public health and biomedicine.

Indeed, cybersecurity grand challenges would advance our national interest in several critical areas, including: improving the economics of a cyber attack, cybersecurity workforce, emerging technology, digital identity, and federal government cybersecurity. A collective public, private, and academic effort to identify innovative approaches to these topics would drastically improve security, resiliency, and productivity domestically, while improving our standing and competitiveness abroad.

Economically, the bill champions building resilient systems that can raise the cost of adversaries carrying out cyberattacks. This Administration has estimated that malicious cyber activity cost the U.S. economy between $57-$109 billion in 2016, and the consensus from the private sector is that malicious cyber activity has continually increased. 2, 3 Without confronting this challenge, the growth in quantity and sophistication of malicious actors will further exacerbate our nation’s losses.

The bill also focuses on cyber training. Specifically, it calls for empowering our citizens digital literacy and tapping into our country’s latent cybersecurity talent to develop a capable workforce. The need for cyber literacy is illustrated by the high percentage of data breaches and business compromises that could have been avoided with better education around cyber risks and threats.4 As for the workforce, in late 2019, a Department of Homeland Security (“DHS”) official lamented that a lack of government cybersecurity workers was likely a national security issue, and that projections estimated nearly 2 million unfilled cybersecurity positions by 2022.5 This is without mentioning the lack of cybersecurity personnel in critical infrastructure sectors like healthcare who are struggling in the current environment.6

Additionally, the bill stresses meeting the challenge of continual innovation and the emergence of new technologies. Artificial Intelligence (“A.I.”), quantum computing, and 5G are just the latest of what will be an endless stream of new discoveries that both threatens U.S. primacy and provides unrivaled opportunity.

Furthermore, perhaps none of stated challenges the bill seeks to address have been highlighted more by COVID-19 than digital identity. Shelter in place orders and remote work policies only increased the need for, and importance of, online services. Unfortunately, a lack of modern digital identity solutions, especially in the public sector, hampered the ability to both provide these online services and keep them free from fraud. Tackling the challenge of digital identity will create an environment for newer more expansive services that can improve the quality of life of all citizens of this country, and solutions and strategies are already available.7

Lastly, the bill rightly points to the need to reduce cyber risk to federal networks and systems and improve our response to those cyber incidents that do occur. The tens of thousands of reported federal cyber incidents each year ensure that this truly is a grand challenge.8 However, it is a challenge that must be met as the economic and political damage caused by incidents like the OPM breach are unmeasurable and are often avoidable.

The CYBER LEAP Act not only identifies these critically important issue areas, but also incentivizes the development of solutions by fostering a competitive environment that will reward innovation. As the NSTAC report stated, “the Nation must build on past efforts and current strategies to seize the opportunity to strategically reorient from a largely reactive, incremental cybersecurity posture to a proactive approach that boldly assures digital trust, safety, and resilience for all Americans.” We look forward to working with Congress on this important issue.


Sincerely,

Better Identity Coalition

Cybersecurity Coalition

Electronic Signature & Records Association


1 https://www.cisa.gov/sites/default/files/publications/NSTAC_CyberMoonshotReport_508c.pdf

2 https://www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf

3 https://www.accenture.com/us-en/insights/security/cost-cybercrime-study

4 https://enterprise.verizon.com/resources/reports/dbir/2020/results-and-analysis/

5 https://thehill.com/policy/cybersecurity/470117-senior-official-describes-cyber-workforce-shortage-as-national-security

6 https://healthitsecurity.com/news/87-health-orgs-lack-security-personnel-for-effective-cyber-posture

7 https://www.betteridentity.org/s/Better_Identity_CoalitionBlueprint-July2018.pdf

8 https://www.hsgac.senate.gov/imo/media/doc/2019-06-25%20PSI%20Staff%20Report%20-%20Federal%20Cybersecurity%20Updated.pdf