Cyberspace Solarium Commission

Cyberspace Solarium Commission (CSC)

Commission overview
Formed	2019;6 years ago (2019)
Dissolved	December 21, 2021;3 years ago (2021-12-21)
Commission executives	Angus King, Co-chair Mike Gallagher, Co-chair
Key document	John S. McCain National Defense Authorization Act for Fiscal Year 2019
Website	Official website

The Cyberspace Solarium Commission (CSC) was a United States bipartisan, congressionally mandated intergovernmental body created by the John S. McCain National Defense Authorization Act for Fiscal Year 2019. Its purpose was "to develop a strategic approach to defense against cyber attacks of significant consequences" to the United States. ^[1] The commission was sunsetted on December 21, 2021, but is continuing its work as a non-profit in 2022, led by Mark Montgomery, the commission's former executive director at the non-profit organization Foundation for the Defense of Democracies (FDD) with a limited staff and the support of a small number of senior advisors. ^{[2] [3]} Known as CSC 2.0, this project preserves the legacy and continues the work of the CSC. ^[4]

Mandate and work

The CSC was created in 2019 with the objective to establish policy solutions required to prevent and prepare the United States against cyber attacks. ^[2] The commission is considered to have had a major impact on cybersecurity policies by providing blueprints for further transformative processes on the future. ^[5] In 2019, a small group of members from the DoD and DHS, including Mark Montgomery, future executive director, later joined by the future chief of staff to the commission worked to create the building blocks of the commission, working to establish strategy, office, functions, and hiring. The commission hired multiple directors and senior directors and was augmented by multiple detailees from federal agencies to create three task forces and a forth directorate to cover the whole of cyberspace strategy for the United States. During the course of the commission, the staff engaged with over 400 agencies, public sector representatives, and cyber experts. ^{[6] [7]}

Reports

The Cyberspace Solarium Commission issued a report in March 2020, listing 83 recommendations, for Congressional and Executive action. ^[8] Over the course of two years, the commission's work led Congress to legislate, appoint, and confirm the National Cyber Director, pushed the release of cybersecurity-focused executive orders, and broadened the authorities and expanded the budget of the Cybersecurity and Infrastructure Security Agency. ^{[2] [5]} By August 2021, the CSC reported that 75% of the initial suggestions had been implemented, but major ones had been ignored to date, such as the creation of a congressional cyber committee. ^[9] In September 2022, it reported that there was still no signs of a congressional cyber committee being implemented. ^{[10] [11]}

The commission made recommendations organized into the categories below. ^[12]

1. Reform the U.S. Government's Structure and Organization for Cyberspace.
2. Strengthen Norms and Non-Military Tools.
3. Promote National Resilience.
4. Reshape the Cyber Ecosystem.
5. Operationalize Cybersecurity Collaboration with the Private Sector.
6. Preserve and Employ the Military Instrument of National Power.

Commission members

During its tenure, the commission included the following members: ^[13]

• Co-Chair Senator Angus King (I- Maine)
• Co-Chair Representative Mike Gallagher (R-Wisconsin)
• Representative Jim Langevin
• Senator Ben Sasse
• Chris Inglis
• Suzanne Spaulding
• Frank Cilluffo
• Samantha Ravich
• Tom Fanning
• Patrick Murphy
• Office of the Secretary of the Department of Defense
• Office of the Secretary of Homeland Security
• Office of the Director of National Intelligence, represented by Christopher Wray
• Office of the Federal Bureau of Investigation

The four federal agency representatives rotated based on agency availability, but were most often attended by the highest policy senior executives in their particular agency.

CSC 2.0

Cyberspace Solarium Commission 2.0

Abbreviation	CSC 2.0
Formation	2022;3 years ago (2022)
Type	501(c)(3) organization [14]
Purpose	Cybersecurity
Leader	Mark Montgomery
Co-chair	Angus King
Co-chair	Mike Gallagher
Website	Official website

The CSC 2.0 project is led by the original CSC commissioners. It is housed in the Center on Cyber and Technology Innovations (CCTI) at the Foundation for the Defense of Democracies (FDD). ^{[15] [16]} CSC 2.0, established in 2022, tracks federal agencies' efforts to carry out the recommendations from the Cyberspace Solarium Commission's 2020 report. ^{[17] [18]} It publishes progress reports monitoring the status and implementation of the commission's recommendations, highlighting any remaining gaps and proposing further actions. ^[19] CSC 2.0 focuses on closing the remaining gaps by reviewing legislation, overseeing agency funding, and highlighting weaknesses in critical infrastructure. ^[20] It also calls for cooperation between the public and private sectors to develop effective ways to defend against cyber threats. ^[21]

Reports

• 2024 Annual Report on Implementation, 19 September 2024 ^[22]
• Healthcare Cybersecurity Needs a Check Up, 4 June 2024 ^[23]
• After Action Report: Multistakeholder Insights to Advance Water and Wastewater Infrastructure Cybersecurity, 13 December 2023 ^[24]
• 2023 Annual Report on Implementation, 19 September 2023 ^[25]
• Revising Public-Private Collaboration to Protect US Critical Infrastructure, 7 June 2023 ^[26]
• Time to Designate Space Systems as Critical Infrastructure, 14 April 2023
• Full Steam Ahead: Enhancing Maritime Cybersecurity, 28 March 2023 ^[27]
• Request for the Information on Cyber Workforce Development Submitted to the Office of National Cyber Director, 3 November 2022 ^[28]
• The Need for Cybersecurity Data and Metrics: Empirically Assessing Cyberthreat, 10 October 2022 ^[29]
• 2022 Annual Report on Implementation, 21 September 2022 ^[30]
• Workforce Development Agenda for the National Cyber Director, 2 June 2022 ^[31]

External links

• Official website (no longer updated)
• CSC 2.0 Project official website

References

1. "Inside the Cyberspace Solarium Commission". National Security Institute. Retrieved April 28, 2022.
2. "The legacy of the Cyberspace Solarium Commission". FCW. Retrieved April 28, 2022.
3. "Cyberspace Solarium Disbands, to Reform as Nonprofit". GovTech. January 4, 2022. Retrieved April 28, 2022.
4. "Homepage". CSC 2.0. Retrieved June 2, 2022.
5. Geller, Eric. "Politico Pro Q&A: Cyberspace Solarium Commission co-chairs Sen. Angus King and Rep. Mike Gallagher on the group's legacy". Politico . Retrieved April 28, 2022.
6. "Interim Report November 2019" (PDF). National Security Commission on Artificial Intelligence. Retrieved January 3, 2025.
7. "U.S. CYBERSECURITY AND DATA PRIVACY OUTLOOK AND REVIEW – 2019" (PDF). Gibson Dunn. Retrieved January 3, 2025.
8. "CSC Final Report" (PDF).
9. "Cyberspace Solarium update finds much work to be done". therecord.media. Retrieved January 3, 2025.
10. "Cyberspace Solarium Commission calls for sustained investment in defense". therecord.media. Retrieved January 3, 2025.
11. Murphy, Greg. "Council Post: Revisiting The U.S. Cyberspace Solarium Commission Report". Forbes. Retrieved January 3, 2025.
12. "Cyberspace Solarium Commission". Cyberspace Solarium Commission. Retrieved July 1, 2022.
13. "Commissioners". Cyberspace Solarium Commission. Retrieved June 21, 2022.
14. eng.auburn.edu/mccrary/focus-on-research
15. "Mission and History". CSC 2.0. Retrieved January 5, 2025.
16. "White House critical infrastructure protection order is 'outdated' and needs rethinking, Cyberspace Solarium Commission says". therecord.media. Retrieved January 5, 2025.
17. "Cyberspace Solarium Commission 2.0 Brings Much to Think About for the Next Presidential Administration". OODAloop. September 26, 2024. Retrieved January 13, 2025.
18. "What is the Cyberspace Solarium Commission 2.0 Project and Why Should I (as a US Citizen) Care?". Pivot Point Security. July 29, 2022. Retrieved January 13, 2025.
19. Poireault, Kevin (September 20, 2024). "US Cyberspace Solarium Commission Outlines Ten Cyber Policy Priorities". Infosecurity Magazine. Retrieved January 13, 2025.
20. "White House critical infrastructure protection order is 'outdated' and needs rethinking, Cyberspace Solarium Commission says". therecord.media. Retrieved January 13, 2025.
21. Miller, Maggie (October 22, 2024). "Dozens of former officials chart course for next administration's cyber policies". POLITICO. Retrieved January 13, 2025.
22. Ma, Jiwon (September 19, 2024). "2024 Annual Report on Implementation". CSC 2.0. Retrieved January 19, 2025.
23. Ma, Jiwon (June 4, 2024). "Healthcare Cybersecurity Needs a Check Up". CSC 2.0. Retrieved January 19, 2025.
24. Ma, Jiwon (December 13, 2023). "After Action Report: Multistakeholder Insights to Advance Water and Wastewater Infrastructure Cybersecurity". CSC 2.0. Retrieved January 19, 2025.
25. Ma, Jiwon (September 19, 2023). "2023 Annual Report on Implementation". CSC 2.0. Retrieved January 19, 2025.
26. Ma, Jiwon (June 7, 2023). "Revising Public-Private Collaboration to Protect U.S. Critical Infrastructure". CSC 2.0. Retrieved January 19, 2025.
27. Fixler, Annie (March 28, 2023). "Full Steam Ahead: Enhancing Maritime Cybersecurity". CSC 2.0. Retrieved January 14, 2025.
28. Ma, Jiwon (November 3, 2022). "Request For Information on Cyber Workforce Development Submitted to the Office of National Cyber Director". CSC 2.0. Retrieved January 14, 2025.
29. Fixler, Annie (October 10, 2022). "The Need for Cybersecurity Data and Metrics: Empirically Assessing Cyberthreat". CSC 2.0. Retrieved January 14, 2025.
30. Ma, Jiwon (September 21, 2022). "2022 Annual Report on Implementation". CSC 2.0. Retrieved January 11, 2025.
31. Fixler, Annie (June 2, 2022). "Workforce Development Agenda for the National Cyber Director". CSC 2.0. Retrieved January 11, 2025.