Commission overview | |
---|---|
Formed | 2019 |
Dissolved | December 21, 2021 |
Commission executives |
|
Key document | |
Website | Official website |
The Cyberspace Solarium Commission (CSC) was a United States bipartisan, congressionally mandated intergovernmental body created by the John S. McCain National Defense Authorization Act for Fiscal Year 2019. Its purpose was "to develop a strategic approach to defense against cyber attacks of significant consequences" to the United States. [1] The commission was sunsetted on December 21, 2021, but is continuing its work as a non-profit in 2022, led by Mark Montgomery, the commission's former executive director at the non-profit organization Foundation for the Defense of Democracies (FDD) with a limited staff and the support of a small number of senior advisors. [2] [3] Known as CSC 2.0, this project preserves the legacy and continues the work of the CSC. [4]
The CSC was created in 2019 with the objective to establish policy solutions required to prevent and prepare the United States against cyber attacks. [2] The commission is considered to have had a major impact on cybersecurity policies by providing blueprints for further transformative processes on the future. [5] In 2019, a small group of members from the DoD and DHS, including Mark Montgomery, future executive director, later joined by the future chief of staff to the commission worked to create the building blocks of the commission, working to establish strategy, office, functions, and hiring. The commission hired multiple directors and senior directors and was augmented by multiple detailees from federal agencies to create three task forces and a forth directorate to cover the whole of cyberspace strategy for the United States. During the course of the commission, the staff engaged with over 400 agencies, public sector representatives, and cyber experts. [6] [7]
The Cyberspace Solarium Commission issued a report in March 2020, listing 83 recommendations, for Congressional and Executive action. [8] Over the course of two years, the commission's work led Congress to legislate, appoint, and confirm the National Cyber Director, pushed the release of cybersecurity-focused executive orders, and broadened the authorities and expanded the budget of the Cybersecurity and Infrastructure Security Agency. [2] [5] By August 2021, the CSC reported that 75% of the initial suggestions had been implemented, but major ones had been ignored to date, such as the creation of a congressional cyber committee. [9] In September 2022, it reported that there was still no signs of a congressional cyber committee being implemented. [10] [11]
The commission made recommendations organized into the categories below. [12]
- Reform the U.S. Government's Structure and Organization for Cyberspace.
- Strengthen Norms and Non-Military Tools.
- Promote National Resilience.
- Reshape the Cyber Ecosystem.
- Operationalize Cybersecurity Collaboration with the Private Sector.
- Preserve and Employ the Military Instrument of National Power.
During its tenure, the commission included the following members: [13]
The four federal agency representatives rotated based on agency availability, but were most often attended by the highest policy senior executives in their particular agency.
Abbreviation | CSC 2.0 |
---|---|
Formation | 2022 |
Type | 501(c)(3) organization [14] |
Purpose | Cybersecurity |
Leader | Mark Montgomery |
Co-chair | Angus King |
Co-chair | Mike Gallagher |
Website | Official website |
The CSC 2.0 project is led by the original CSC commissioners. It is housed in the Center on Cyber and Technology Innovations (CCTI) at the Foundation for the Defense of Democracies (FDD). [15] [16] CSC 2.0, established in 2022, tracks federal agencies' efforts to carry out the recommendations from the Cyberspace Solarium Commission's 2020 report. [17] [18] It publishes progress reports monitoring the status and implementation of the commission's recommendations, highlighting any remaining gaps and proposing further actions. [19] CSC 2.0 focuses on closing the remaining gaps by reviewing legislation, overseeing agency funding, and highlighting weaknesses in critical infrastructure. [20] It also calls for cooperation between the public and private sectors to develop effective ways to defend against cyber threats. [21]