Cybersecurity: A Bipartisan Imperative in a Dangerous World

In an increasingly interconnected and hostile world, cybersecurity has never been more critical. And at this critical moment, we’re witnessing troubling signs of political paralysis creeping into this essential domain, jeopardizing our national security and economic livelihood. We must reaffirm the bipartisan spirit that has historically guided cybersecurity policy in the United States. Inconsistent, reactive responses and a lack of qualified leadership leave us dangerously vulnerable to an inevitable cyber crisis, where confusion and delays may be catastrophic.

Consider recent events. China’s extensive efforts to insert malware into our critical infrastructure in order to disrupt future responses to a crisis was quickly followed by the reported Chinese government-affiliated hack of the Treasury Department. The frequency and ease with which these exploitations occur underscores the persistent and sophisticated threats we face. The average cost of a data breach for private companies has soared to a staggering $4.88 million in 2024, a 10% jump from last year, demonstrating the severe financial consequences of cyberattacks. And attacks on critical infrastructure, like hospitals or power grids, can cost lives. 

Dangerous cutbacks

Unfortunately, we’ve seen recent setbacks in Washington that raise serious concerns. The disbanding of the Cyber Safety Review Board, a crucial body designed to analyze and learn from major cyber incidents, sends a dangerous message. The Trump administration’s delay in announcing any senior cyber officials at the Departments of Defense, Energy and State, as well as at the Cyber Infrastructure Security Agency (CISA), further weakens our cyber leadership structure at a time when we need it most. Even legislation aimed at mandating an independent assessment for a potential cyber force, which enjoyed bipartisan support, was weakened by the Biden Administration on the way out the door. These actions not only undermine our ability to effectively defend ourselves. They make it harder to chart a path for the future.

A path forward

We must reverse this trend. First, we need strong, experienced leadership in key cybersecurity roles. The president must work with Congress to confirm a new National Cyber Director as soon as possible. CISA needs a permanent, Senate-confirmed director. 

Second, the Cyber Safety Review Board (CSRB) must be reinstated, staffed with bipartisan experts, and immediately tasked with investigating the recent hack of major telecommunications providers. The CSRB is an investigative body that was actually in the midst of an assessment of Salt Typhoon, yet another egregious Chinese hack. It is modeled on the National Transportation Safety Board, which thankfully remains intact for now.

Third, we need to empower and resource CISA to effectively defend federal civilian networks. In a time when we have never been under greater threat, CISA needs to be funded and authorized to both support the defense of federal cyber networks and engage constructively with the private sector to protect national critical infrastructure. 

Fourth, CISA and the NCD must complete the ongoing and long overdue overhaul of the National Cyber Incident Response Plan. The plan, drafted in the waning days of the Biden administration, currently offers no specifics of how coordination between the federal government, state and local governments, and the private sector should occur. Instead of continued platitudes, the plan must make clear that the National Incident Management System and the Incident Command System, along with the established network of state fusion centers shall be the coordination mechanism. These proven emergency management frameworks are designed for precisely this type of coordinated, multi-jurisdictional response. Ad-hoc approaches will only lead to confusion and delays in a crisis. Continuing attempts to offload the incident management process onto CISA regional offices or ignore it will do the U.S. a great disservice when – not if – a significant cyber incident occurs.

Beyond these immediate steps, we must also address the systemic challenges that keep us vulnerable. Companies must be held accountable for the security of their products. Software must be secure by default, easy to safely use, and easy to update. We cannot rely on consumers to be their own cybersecurity experts.

Cybersecurity is not a Republican or Democrat issue. It’s an American issue. We must work together, across party lines, to strengthen our cyber defenses and protect our nation from the ever-growing threats we face. The time for action is now.

Colin Ahern was appointed the first-ever Chief Cyber Officer of the State of New York by Governor Kathy Hochul in June 2022. He previously served as the Acting Director of New York City’s cyber defense agency, and commanded a cyberspace operations company in the Army. Rear Adm. (Ret.) Mark Montgomery is a senior director at the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies.