The CSIS recommends that United States develop the following to improve its cybersecurity position and prevent critical infrastructure from remaining vulnerable to attack:
-- Coherent organization and leadership for federal efforts for cybersecurity and recognition of cybersecurity as a national priority;
-- Clear authority to mandate better cybersecurity in critical infrastructure and new ways to work with the private sector;
-- A foreign policy that uses all tools of U.S. power to create norms, new approaches to governance, and consequences for malicious actions in cyberspace that also lays out a vision for the future of the global Internet;
-- An expanded ability to use intelligence and military capabilities for defense against advanced foreign threats;
-- Strengthened oversight for privacy and civil liberties, with clear rules and processes adapted to digital technologies;
-- Improved authentication of identity for critical infrastructure;
-- An expanded workforce with adequate cybersecurity skills;
-- A new federal acquisition policy to drive the market toward more secure products and services;
-- A revised policy and legal framework to guide government cybersecurity actions; and
-- Research and development (R&D) focused on the hard problems of cybersecurity and a process to identify these problems and allocate funding in a coordinated manner.
To be fair, the federal government already is working on a number of these efforts to improve how it protects critical U.S. infrastructure. For instance, the Obama administration has indeed identified cybersecurity as a major priority, and a host of agencies -- including the Department of Defense (DoD), the Department of Homeland Security (DHS), and the National Security Agency (NSA) -- are working both separately and pooling their resources to attack the problem.
While it's true there has been criticism over how agencies are cooperating on the matter, the government is taking steps to improve this situation. In October the federal government created a cybersecurity pact among the DHS, the DoD, and the NSA to create a formal structure to coordinate joint-agency efforts on protecting critical infrastructure.
The Obama administration also is working to improve identity-management across all federal agencies. The DHS recently expedited a move to a new biometric and smartcard identity-management system government-wide to better vet who can access federal facilities and networks.