Cyberspace Solarium Commission

The Cyberspace Solarium Commission (CSC) was a United States bipartisan, congressionally mandated intergovernmental body created by the John S. McCain National Defense Authorization Act for Fiscal Year 2019. Its purpose was "to develop a strategic approach to defense against cyber attacks of significant consequences" to the United States. [1] The commission was sunsetted on December 21, 2021, but continued its work as a non-profit in 2022, led by Mark Montgomery, the commission's former executive director, at the non-profit organization Foundation for the Defense of Democracies (FDD), with a limited staff and the support of a small number of senior advisors. [2] [3] Known as CSC 2.0, this project preserves the legacy and continues the work of the CSC. [4]

Mandate and work

The CSC was created in 2019 with the objective of establishing the policy solutions required to prevent cyber attacks and to prepare the United States against them. [2] The commission is considered to have had a major impact on cybersecurity policies by providing blueprints for further transformative processes in the future. [5] In 2019, a small group of members from the DoD and DHS, including Mark Montgomery, the future executive director, and later joined by the future chief of staff to the commission, worked to create the building blocks of the commission, establishing its strategy, office, functions, and hiring. The commission hired multiple directors and senior directors and was augmented by multiple detailees from federal agencies to create three task forces and a fourth directorate to cover the whole of cyberspace strategy for the United States. During the course of the commission, the staff engaged with over 400 agencies, public sector representatives, and cyber experts. [6] [7]

Reports

The Cyberspace Solarium Commission issued a report in March 2020 listing 83 recommendations for Congressional and Executive action. [8] Over the course of two years, the commission's work led Congress to legislate, appoint, and confirm the National Cyber Director, pushed the release of cybersecurity-focused executive orders, and broadened the authorities and expanded the budget of the Cybersecurity and Infrastructure Security Agency. [2] [5] By August 2021, the CSC reported that 75% of the initial suggestions had been implemented, but major ones had been ignored to date, such as the creation of a congressional cyber committee. [9] In September 2022, it reported that there were still no signs of a congressional cyber committee being implemented. [10] [11]

The commission made recommendations organized into the categories below. [12]

  1. Reform the U.S. Government's Structure and Organization for Cyberspace.
  2. Strengthen Norms and Non-Military Tools.
  3. Promote National Resilience.
  4. Reshape the Cyber Ecosystem.
  5. Operationalize Cybersecurity Collaboration with the Private Sector.
  6. Preserve and Employ the Military Instrument of National Power.

Commission members

During its tenure, the commission included the following members: [13]

The four federal agency representatives rotated based on agency availability, but the agencies were most often represented by the highest senior policy executives in their particular agency.

CSC 2.0

The CSC 2.0 project is led by the original CSC commissioners. It is housed in the Center on Cyber and Technology Innovations (CCTI) at the Foundation for the Defense of Democracies (FDD). [14] [15] CSC 2.0, established in 2022, tracks federal agencies' efforts to carry out the recommendations from the Cyberspace Solarium Commission's 2020 report. [16] [17] It publishes progress reports monitoring the status and implementation of the commission's recommendations, highlighting any remaining gaps and proposing further actions. [18] CSC 2.0 focuses on closing the remaining gaps by reviewing legislation, overseeing agency funding, and highlighting weaknesses in critical infrastructure. [19] It also calls for cooperation between the public and private sectors to develop effective ways to defend against cyber threats. [20]

Reports

Related Research Articles

National Cyber Security Division

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. While cybersecurity regulations aim to minimize cyber risks and enhance protection, the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies.

Federal Office for Information Security: German federal agency

The Federal Office for Information Security is the German upper-level federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, critical infrastructure protection, Internet security, cryptography, counter eavesdropping, certification of security products and the accreditation of security test laboratories. It is located in Bonn and as of 2024 has about 1,700 employees. Its current president, since 1 July 2023, is former business executive Claudia Plattner, who took over the presidency from Arne Schönbohm.

Nathaniel Fick: American diplomat, executive, author, and military officer (born 1977)

Nathaniel C. Fick is an American diplomat, technology executive, author, and former United States Marine Corps officer. He was the CEO of cybersecurity software company Endgame, Inc., then worked for Elastic NV after it acquired Endgame. He was an Operating Partner at Bessemer Venture Partners. In 2022, he was selected to lead the U.S. State Department's Bureau for Cyberspace and Digital Policy.

United States Cyber Command: Unified combatant command of the United States Armed Forces responsible for cyber operations

United States Cyber Command (USCYBERCOM) is one of the eleven unified combatant commands of the United States Department of Defense (DoD). It unifies the direction of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD's cyber expertise, which focuses on securing cyberspace.

Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and offensive power projection thanks to comparatively advanced technology and a large military budget. Cyberwarfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.

Cyberwarfare by China is the aggregate of cyberattacks attributed to the organs of the People's Republic of China and various related advanced persistent threat (APT) groups.

The 2011 U.S. Department of Defense Strategy for Operating in Cyberspace is a formal assessment of the challenges and opportunities inherent in increasing reliance on cyberspace for military, intelligence, and business operations. Although the complete document is classified and 40 pages long, this 19-page summary was released in July 2011 and explores the strategic context of cyberspace before describing five "strategic initiatives" to set a strategic approach for DoD's cyber mission.

National Cybersecurity and Critical Infrastructure Protection Act of 2013

The National Cybersecurity and Critical Infrastructure Protection Act of 2013 is a bill that would amend the Homeland Security Act of 2002 to require the Secretary of the Department of Homeland Security (DHS) to conduct cybersecurity activities on behalf of the federal government and would codify the role of DHS in preventing and responding to cybersecurity incidents involving the Information Technology (IT) systems of federal civilian agencies and critical infrastructure in the United States.

Gabi Siboni

Gabriel "Gabi" Siboni is a colonel in the Israel Defense Forces Reserve service, and a senior research fellow and the director of the Military and Strategic Affairs and Cyber Security programs at the Institute for National Security Studies. Additionally, he serves as editor of Military and Strategic Affairs, an academic journal published tri-yearly at INSS. Siboni is a senior expert on national security, military strategy and operations, military technology, cyber warfare, and force buildup. Siboni is an Associate Professor, working specifically in the management of Cyber Security, and a part-time lecturer at the Francisco de Vitoria University in Madrid.

Homeland Security Cybersecurity Boots-on-the-Ground Act: Bill of the 113th United States Congress

The Homeland Security Cybersecurity Boots-on-the-Ground Act is a bill that would require the United States Department of Homeland Security (DHS) to undertake several actions designed to improve the readiness and capacity of DHS’s cybersecurity workforce. DHS would also be required to create a strategy for recruiting and training additional cybersecurity employees.

Cyber Threat Intelligence Integration Center

The Cyber Threat Intelligence Integration Center (CTIIC) is a United States federal government agency that operates as a fusion center between intelligence agencies and the private sector for real-time use against cyber attacks. CTIIC was created in the wake of the 2014 cyber attack on Sony in combination with the need to establish a cyber integration center following blocked efforts in Congress that were stymied over liability and privacy concerns of citizens.

Cyber Security Agency: Singaporean government agency

The Cyber Security Agency (CSA) is a government agency under the Prime Minister's Office, but is managed by the Ministry of Digital Development and Information of the Government of Singapore. It provides centralised oversight of national cyber security functions and works with sector leads to protect Singapore's Critical Information Infrastructure (CII), such as the energy and banking sectors. Formed on 1 April 2015, the agency also engages with various industries and stakeholders to heighten cyber security awareness as well as to ensure the development of Singapore's cyber security. It is headed by the Commissioner of Cyber Security, David Koh.

The President's Commission on Enhancing National Cybersecurity is a Presidential Commission formed on April 13, 2016, to develop a plan for protecting cyberspace, and America's economic reliance on it. The commission released its final report in December 2016. The report made recommendations regarding the intertwining roles of the military, government administration and the private sector in providing cyber security. Chairman Donilon said of the report that its coverage "is unusual in the breadth of issues" with which it deals.

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

Cybersecurity and Infrastructure Security Agency: Agency of the United States Department of Homeland Security

The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers. Cybersecurity is now considered an important part of the lives of individuals and families, as well as of organizations, governments, educational institutions and businesses. It is essential for families and parents to protect children and family members from online fraud. The term cyber attack covers a wide variety of actions ranging from simple probes, to defacing websites, to denial of service, to espionage and destruction.

Global Commission on the Stability of Cyberspace: Commission developing diplomatic norms limiting cyber-offense

The Global Commission on the Stability of Cyberspace was a multistakeholder Internet governance organization, dedicated to the creation of diplomatic norms of governmental non-aggression in cyberspace. It operated for three years, from 2017 through 2019, and produced the diplomatic norm for which it was chartered and seven others.

Office of the National Cyber Director: US government agency on cybersecurity

The Office of the National Cyber Director is an agency in the United States Government statutorily responsible for advising the President of the United States on matters related to cybersecurity. It was established in 2021.

The National Initiative for Cybersecurity Careers and Studies (NICCS) is an online training initiative and portal built as per the National Initiative for Cybersecurity Education framework. It is a federal cybersecurity training subcomponent, operated and maintained by the Cybersecurity and Infrastructure Security Agency.

Operational collaboration is a cyber resilience framework that leverages public-private partnerships to reduce the risk of cyber threats and the impact of cyberattacks on United States cyberspace. This operational collaboration framework for cyber is similar to the Federal Emergency Management Agency (FEMA)'s National Preparedness System which is used to coordinate responses to natural disasters, terrorism, chemical and biological events in the physical world.

References

  1. "Inside the Cyberspace Solarium Commission". National Security Institute. Retrieved April 28, 2022.
  2. "The legacy of the Cyberspace Solarium Commission". FCW. Retrieved April 28, 2022.
  3. "Cyberspace Solarium Disbands, to Reform as Nonprofit". GovTech. January 4, 2022. Retrieved April 28, 2022.
  4. "Homepage". CSC 2.0. Retrieved June 2, 2022.
  5. Geller, Eric. "Politico Pro Q&A: Cyberspace Solarium Commission co-chairs Sen. Angus King and Rep. Mike Gallagher on the group's legacy". Politico. Retrieved April 28, 2022.
  6. "Interim Report November 2019" (PDF). National Security Commission on Artificial Intelligence. Retrieved January 3, 2025.
  7. "U.S. CYBERSECURITY AND DATA PRIVACY OUTLOOK AND REVIEW – 2019" (PDF). Gibson Dunn. Retrieved January 3, 2025.
  8. "CSC Final Report" (PDF).
  9. "Cyberspace Solarium update finds much work to be done". therecord.media. Retrieved January 3, 2025.
  10. "Cyberspace Solarium Commission calls for sustained investment in defense". therecord.media. Retrieved January 3, 2025.
  11. Murphy, Greg. "Council Post: Revisiting The U.S. Cyberspace Solarium Commission Report". Forbes. Retrieved January 3, 2025.
  12. "Cyberspace Solarium Commission". Cyberspace Solarium Commission. Retrieved July 1, 2022.
  13. "Commissioners". Cyberspace Solarium Commission. Retrieved June 21, 2022.
  14. "Mission and History". CSC 2.0. Retrieved January 5, 2025.
  15. "White House critical infrastructure protection order is 'outdated' and needs rethinking, Cyberspace Solarium Commission says". therecord.media. Retrieved January 5, 2025.
  16. "Cyberspace Solarium Commission 2.0 Brings Much to Think About for the Next Presidential Administration". OODAloop. September 26, 2024. Retrieved January 13, 2025.
  17. "What is the Cyberspace Solarium Commission 2.0 Project and Why Should I (as a US Citizen) Care?". Pivot Point Security. July 29, 2022. Retrieved January 13, 2025.
  18. Poireault, Kevin (September 20, 2024). "US Cyberspace Solarium Commission Outlines Ten Cyber Policy Priorities". Infosecurity Magazine. Retrieved January 13, 2025.
  19. "White House critical infrastructure protection order is 'outdated' and needs rethinking, Cyberspace Solarium Commission says". therecord.media. Retrieved January 13, 2025.
  20. Miller, Maggie (October 22, 2024). "Dozens of former officials chart course for next administration's cyber policies". POLITICO. Retrieved January 13, 2025.
  21. Ma, Jiwon (September 19, 2024). "2024 Annual Report on Implementation". CSC 2.0. Retrieved January 19, 2025.
  22. Ma, Jiwon (June 4, 2024). "Healthcare Cybersecurity Needs a Check Up". CSC 2.0. Retrieved January 19, 2025.
  23. Ma, Jiwon (December 13, 2023). "After Action Report: Multistakeholder Insights to Advance Water and Wastewater Infrastructure Cybersecurity". CSC 2.0. Retrieved January 19, 2025.
  24. Ma, Jiwon (September 19, 2023). "2023 Annual Report on Implementation". CSC 2.0. Retrieved January 19, 2025.
  25. Ma, Jiwon (June 7, 2023). "Revising Public-Private Collaboration to Protect U.S. Critical Infrastructure". CSC 2.0. Retrieved January 19, 2025.
  26. Fixler, Annie (March 28, 2023). "Full Steam Ahead: Enhancing Maritime Cybersecurity". CSC 2.0. Retrieved January 14, 2025.
  27. Ma, Jiwon (November 3, 2022). "Request For Information on Cyber Workforce Development Submitted to the Office of National Cyber Director". CSC 2.0. Retrieved January 14, 2025.
  28. Fixler, Annie (October 10, 2022). "The Need for Cybersecurity Data and Metrics: Empirically Assessing Cyberthreat". CSC 2.0. Retrieved January 14, 2025.
  29. Ma, Jiwon (September 21, 2022). "2022 Annual Report on Implementation". CSC 2.0. Retrieved January 11, 2025.
  30. Fixler, Annie (June 2, 2022). "Workforce Development Agenda for the National Cyber Director". CSC 2.0. Retrieved January 11, 2025.