Cyberspace Solarium Commission publishes progress report, identifies areas for future action
The Cyberspace Solarium Commission released Wednesday its progress report on the collective changes carried out to help deter malign actors in cyberspace and shore up U.S. defenses at home. The measures will also make digital interactions safer for stakeholders across industry and around the world while increasing protection. The progress cannot be viewed as the culmination of the U.S. government’s focus on cybersecurity but must be looked upon as the prelude to even further changes.
Titled, ‘2022 Annual Report on Implementation,’ the Cyberspace Solarium Commission report said that the past two years had significantly improved U.S. cybersecurity. “Critical legislation has broken loose from long-standing jurisdictional conflicts to become law. Congress passed the Cyber Incident Reporting Act, which requires critical infrastructure companies to report cyberattacks and ransomware incidents,” it added.
The report pointed to the measures undertaken by lawmakers to increase funding for government cybersecurity efforts, particularly at the country’s primary cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security (DHS). The agency’s budget has grown by more than 25 percent, from US$2 billion for FY20 appropriation to $2.59 billion for FY22 appropriation, with even more funding expected in FY23.
The White House now has a national cyber director (NCD) to lead the coordination of cybersecurity strategy and policy implementation across the government. In addition, the State Department has a bureau and a nominated ambassador charged with America’s international engagement on cyberspace challenges. The executive branch has also taken other important actions based on new legislation, such as establishing the Joint Cyber Defense Collaborative (JCDC) at CISA.
In June, the Cyberspace Solarium Commission released a blueprint for the NCD to strengthen the federal cyber workforce and recommended actions for Congress to support efforts to grow the workforce.
The U.S. Congress created the Cyberspace Solarium Commission to identify a strategic approach to securing cyberspace. “Over the course of three years, the Commission developed 116 recommendations, many of which are accompanied by model legislative language,” Senator Angus King, an Independent from Maine, and Rep. Mike Gallagher, a Republican from Wisconsin, co-chairs at CSC 2.0, wrote in the report. “The Commission’s original report in March 2020 had 82 recommendations. Of these, nearly 60 percent are fully implemented or nearing implementation, and more than 25 percent are on track to implementation.”
However, implementation is not the same as success. Lasting improvements in national cyber resilience will take sustained attention, investment, and agility to address the ever-shifting threat landscape.
“Accordingly, this assessment details both the progress of the Commission’s original work as well as the work of the non-profit CSC 2.0 project that has accepted the baton in the long race to secure cyberspace,” the co-chairs wrote. “Even as we issue this progress report, we know that assessing implementation is not enough. We urge readers to consider this report as a mid-course check, laying a path for the many stakeholders in government and industry charged with a task that we cannot afford to fail — protecting our national cybersecurity,” they added.
Last August, the Cyberspace Solarium Commission published its initial annual report on implementation, highlighting the fact that implementation of the Commission’s recommendations is only the first step towards successful long-term improvements in U.S. cybersecurity. “That report — and this one — considers a recommendation to be implemented if Congress has codified it in law, if the executive branch has begun work towards the goal, or if other definitive signs indicate that work is or will soon be underway. However, driving lasting change beyond this initiation of work takes investment and careful stewardship over time,” according to the latest report.
As the CSC reached the planned end of its mandate, the commissioners agreed to continue the work under the auspices of the CSC 2.0 project. With the goal of continuing implementation and supporting long-term success, the CSC 2.0 project will continue ongoing work, like monitoring and assessing the recommendation implementation status. CSC 2.0 will also continue research and analysis on outstanding recommendations, ensuring that policymakers have detailed, up-to-date information.
As such, the second annual assessment reviews the implementation of CSC recommendations over the previous year to evaluate progress and highlight remaining gaps as policymakers implement and execute recommendations.
“Many of the Commission’s key recommendations have been enacted in legislation, but there is still more work to be done to meet the urgent challenges facing our nation,” the report revealed. “Beyond preserving and maintaining the existing body of work, the CSC 2.0 project is also undertaking novel research. Cybersecurity is not a stationary target. The priorities the Commission identified in 2020 have developed and changed in the intervening years, and new issues have come to the forefront. The CSC 2.0 project will research, analyze, and develop policy proposals. In fact, as discussed in the assessment that follows, this work is already underway,” it added.
“Since the publication of the first annual assessment in August 2021, Congress and the administration have made substantial progress bolstering U.S. cyber defenses by organizing and resourcing the U.S. government, cooperating with partners and allies, and enhancing collaboration with the private sector,” the Cyberspace Solarium Commission report said. “But the work is not done.”
National cyber resiliency requires long-term investment. Thwarting and punishing malicious cyber actors require persistence. Layered cyber deterrence demands sustained attention, the report said. “Continuing the important work that the CSC did to draw attention to the challenges and to outline concrete solutions, CSC 2.0 is committed to supporting efforts to implement the outstanding CSC recommendations.
Related
