Five years ago, the Cyberspace Solarium Commission (CSC) released its March 2020 report, a blueprint that has reshaped US cybersecurity strategy and policymaking. Established by Congress in the 2019 National Defense Authorization Act, the Commission was charged with developing a comprehensive approach to defend the nation against cyber threats. Since the release of its report and subsequent publications, the commission has focused on shaping legislation to foster a culture of cyber resilience, leaving ‘an indelible mark’ on the nation’s approach to securing its digital infrastructure.
“Over the past five years, Congress and the executive branch have implemented 80 percent of the Commission’s original 82 recommendations and more than three-quarters of all of the ideas the Commission put forth in its report and white papers,” Mark Montgomery, senior director of the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD), and Jiwon Ma, senior policy analyst at the CCTI, wrote in a post last week.
They added that each of these policy ideas reinforces the Commission’s proposed comprehensive strategy for cyberspace—layered cyber deterrence. “In short, to reduce the likelihood and impact of significant cyberattacks, the United States needs to work with allies and partners to shape acceptable behavior, impose costs on adversaries that engage in unacceptable behavior, and shore up defenses so that attempted attacks do not achieve their desired goals.”
Identifying that this is easier said than done, Montgomery and Ma noted that key recommendations, such as creating the Office of the National Cyber Director, strengthening the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, establishing the State Department’s Bureau of Cyberspace and Digital Policy, and delegating authorities to U.S. Cyber Command have fundamentally reshaped how the federal government approaches US cybersecurity. “The federal government now has the tools in place to effectively advance U.S. interests and defend U.S. national security in cyberspace,” they added.
They also observed that every contest between the U.S. and its adversaries extends into cyberspace. “The Commission’s work positioned the United States to prevail in this new domain, but winning requires continued effort — by U.S. lawmakers, federal leaders, and private industry alike.”
Cyber threats are evolving, so the Commission’s work is not done. While the original Commission reached the end of its tenure three years ago, the former commissioners and staff stood up CSC 2.0, a nonprofit initiative, to continue the work. CSC 2.0 remains focused on protecting lifeline critical infrastructure — including water and wastewater systems, healthcare, food and agriculture, and K -12 educational institutions — while strengthening critical infrastructure in emerging sectors like space systems and cloud security. The project also identifies cyber threats facing the transportation sector, which threaten U.S. military mobility and readiness.
The Commission’s success was built on deep collaboration between stakeholders. Over its 18-month tenure, the Commission — led by co-chairs Senator Angus King, an Independent from Maine, and then Rep. Mike Gallagher, a Republican from Wisconsin— held more than 300 meetings with industry leaders, government officials, academics, and international partners to develop actionable solutions.
Reflecting on the work of the Commission, Sen. King told the authors, “I consider my participation in the Solarium Commission among the most successful endeavors of my time so far in the U.S. Senate — but also believe the work must continue.” Rep. Gallagher similarly reflected to the authors, “The success of the Solarium demonstrates what can happen when a bipartisan issue is tackled in a determined and thoughtful manner.”
Following in the Commission’s footsteps, CSC 2.0 continues to provide actionable insights into policy and legislation for a cohesive deterrence strategy. Later this year, CSC 2.0 will release its fifth and final annual assessment report, offering a comprehensive review of US cybersecurity progress and policy gaps.
The Cyberspace Solarium Commission report consists of over 80 recommendations which are organized into six pillars. These included reforming the U.S. government’s structure and organization for cyberspace; strengthening norms and non-military tools; promoting national resilience; reshaping the cyber ecosystem; operationalizing cybersecurity collaboration with the private sector; and preserving and employing the military instrument of national power.
Last October, Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security and the Cyberspace Solarium Commission 2.0 published a report that provides the new U.S. administration essential recommendations to enhance US cybersecurity, incorporating insights from industry specialists and former federal officials. Building upon the work of the Cyberspace Solarium Commission, the report tackles existing shortcomings and new threats, offering a detailed roadmap for the new administration to safeguard America’s digital future.
