CSC 2.0 – the private sector successor to the government’s Cyberspace Solarium Commission – is teeing up a series of cybersecurity-related legislative and policy actions that it says the next administration and Congress still needs to pursue.
Nearly 80 percent of the Cyberspace Solarium Commission’s original 82 recommendations from March 2020 have been fully implemented or are nearing implementation, with an additional 12 percent on track to be implemented.
CSC 2.0 Co-Chair Sen. Angus King, I-Maine, on Sept. 19 released a new report highlighting the top 10 recommendations the next Congress and administration should prioritize from the commission’s original slew of proposals that have yet to be implemented.
The 2024 Annual Report on Implementation calls for the Federal government to prioritize:
- Designating benefits and burdens for systemically important entities;
- Conducting robust continuity-of-the-economy planning;
- Codifying Joint Collaborative Environment for threat information sharing;
- Strengthening an Integrated Cyber Center within CISA;
- Developing cloud security certification;
- Establishing a Bureau of Cyber Statistics;
- Establishing liability for final goods assemblers;
- Developing cybersecurity insurance certifications;
- Establishing National Guard cybersecurity roles; and
- Building societal resilience against cyber-enabled information operations.
During a Foundation for Defense of Democracies (FDD) event previewing the new report, Sen. King said that out of those ten recommendations his top two asks to Congress and the incoming administration include conducting robust continuity-of-the-economy planning and codifying the Joint Collaborative Environment for threat information sharing.
“If I had to choose, I think two and three are critically important. We need much more work on continuity of the economy,” Sen. King said. “How do we react if the worst happens? If you don’t have a plan, it’s going to be chaos.”
Retired Rear Adm. Mark Montgomery – who currently serves as the senior director of the FDD’s Center on Cyber Technology and Innovation and was a senior advisor to the original Solarium commission – said his top two of the ten recommendations are designating benefits and burdens for systemically important entities and establishing National Guard cybersecurity roles.
“What we haven’t done is say, what are the benefits and burdens of being those important entities,” Montgomery said during the FDD event. “What did those entities have to do to maintain a certain level of cybersecurity to deter the adversary? And then what do we as a government – which gets at, what information do we need to share, do we need to be able to push to them? How fast can we get them in the speed of data, transit, transmission of threat information?”
Montgomery also emphasized that, in the future, the National Guard is “going to be a critical part of the cyber defense of the United States” in a way that “we do not want the active-duty military or the intelligence community to be doing.”
Tom Fanning, a current advisor to CSC 2.0 and the former CEO of the Southern Company electric utility, agreed that designating benefits and burdens for systemically important entities should be the top priority, but also emphasized that it needs to be refined.
“There are those things that we do that are absolutely critical, and when you think about this joint collaborative environment, in order not to boil the ocean, we need to get as refined as possible and as granular as possible, to those things that we do that are central to keeping America as strong as it is today,” Fanning said. “The National Risk Management Center inside CISA has to work with the private sector and with government to really understand … what is really important, I would argue, at the asset level, to keeping America strong.”
