SOLARIUM TURNS FIVE

This week marks the five-year anniversary of the release of the Cyberspace Solarium Commission’s original March 2020 report, a blueprint that has reshaped U.S. cybersecurity strategy and policymaking. Established by Congress in the 2019 National Defense Authorization Act, the Commission was charged with developing a comprehensive approach to defend the nation against cyber threats. Since the release of its report and subsequent white papers, the Commission’s work has driven major policy shifts with lasting impacts on national resilience and critical infrastructure security.

Over the past five years, Congress and the executive branch have implemented 80 percent of the Commission’s original 82 recommendations and more than three-quarters of all of the ideas the Commission put forth in its report and white papers. Each of these policy ideas reinforces the Commission’s proposed comprehensive strategy for cyberspace — layered cyber deterrence. In short, to reduce the likelihood and impact of significant cyberattacks, the United States needs to work with allies and partners to shape acceptable behavior, impose costs on adversaries that engage in unacceptable behavior, and shore up defenses so that attempted attacks do not achieve their desired goals.

This is easier said than done. But key recommendations, such as creating of the Office of the National Cyber Director, the strengthening of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, establishing the State Department’s Bureau of Cyberspace and Digital Policy, and delegating authorities to U.S. Cyber Command have fundamentally reshaped how the federal government approaches cybersecurity. The federal government now has the tools in place to effectively advance U.S. interests and defend U.S. national security in cyberspace.

Cyber threats are evolving, so the Commission’s work is not done. While the original Commission reached the end of its tenure three years ago, the former commissioners and staff stood up CSC 2.0, a nonprofit initiative, to continue the work. CSC 2.0 remains focused on protecting lifeline critical infrastructure — including water and wastewater systems, healthcare, food and agriculture, and K-12 educational institutions — while strengthening critical infrastructure in emerging sectors like space systems and cloud security. The project also identifies cyber threats facing the transportation sector, which threaten U.S. military mobility and readiness. Following in the Commission’s footsteps, CSC 2.0 continues to provide actionable insights into policy and legislation for a cohesive deterrence strategy. Later this year, CSC 2.0 will release its fifth and final annual assessment report, offering a comprehensive review of cybersecurity progress and policy gaps.

The Commission’s success was built on deep collaboration between stakeholders. Over its 18-month tenure, the Commission — led by co-chairs Sen. Angus King (I-ME) and then Rep. Mike Gallagher (R-WI) — held more than 300 meetings with industry leaders, government officials, academics, and international partners to develop actionable solutions. Reflecting on the work of the Commission, Sen. King told the authors, “I consider my participation in the Solarium Commission among the most successful endeavors of my time so far in the U.S. Senate — but also believe the work must continue.” Rep. Gallagher similarly reflected to the authors, “The success of the Solarium demonstrates what can happen when a bipartisan issue is tackled in a determined and thoughtful manner.”

Today, every contest between the United States and its adversaries extends into in cyberspace. The Commission’s work positioned the United States to prevail in this new domain, but winning requires continued effort — by U.S. lawmakers, federal leaders, and private industry alike.

RADM (Ret.) Mark Montgomery is senior director of the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD). He previously served as executive director of the Cyberspace Solarium Commission and continues to lead CSC 2.0. Jiwon Ma is CCTI’s senior policy analyst and contributes to the work of CSC 2.0, authoring its annual assessments. For more analysis from the authors and CCTI, please subscribe HERE. Follow the authors on X @MarkCMontgomery and @jiwonma_92. Follow FDD on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focused on national security and foreign policy.