Link Search Menu Expand Document
Publications
  1. COMMISSION BACKGROUND

COMMISSION BACKGROUND

The digital connectivity that has brought economic growth, technological dominance, and an improved quality of life to nearly every American has also created a strategic dilemma. The United States now operates in a cyber landscape that requires a level of data security, resilience, and trustworthiness that neither the U.S. government nor the private sector alone is currently equipped to provide. Moreover, shortfalls in agility, technical expertise, and unity of effort, both within the U.S. government and between the public and private sectors, are growing. For more than 20 years, nation-states and non-state actors have leveraged cyberspace to subvert American power, American security, and the American way of life. The perpetrators of these cyberattacks exploited weaknesses in both systems and strategy and assessed that their forays damaged the United States without triggering any significant retaliation. American restraint was met with unchecked predation.1 The U.S. Cyberspace Solarium Commission (CSC) was established in the John S. McCain National Defense Authorization Act for Fiscal Year 2019 to address these challenges and “develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.”2

To meet its mandate, the CSC produced a final report, published in March 2020, outlining a strategic approach and 82 recommendations for the U.S. government. In developing the final report, task forces met with more than 300 stakeholders from industry; academia; federal, state, and local governments; international organizations; and think tanks, and they stress-tested their recommendations through a series of red team reviews and a scenario-based Solarium event. Following the Solarium event, the Commissioners assessed each strategy and its supporting policy recommendations, providing formal feedback. The staff tabulated this feedback and used the insights and guidance to further refine the recommendations.

In the months following the launch of the final report, Commissioners and staff produced legislative proposals (where appropriate) to support its recommendations, and worked with relevant committees in the House and Senate to implement many of the Commission’s original recommendations. In addition, the Commission issued four white papers with new and updated recommendations: they addressed lessons on cybersecurity from the pandemic, details on the national cyber director recommendation, a framework for a cybersecurity workforce development strategy, and proposals on how to secure America’s information and communications technology (ICT) supply chains. A fifth white paper, published in January 2021, highlighted specific priorities for the incoming Biden-Harris administration. Many of the Commission’s key recommendations have been enacted in legislation, but there is still more work to be done to meet the urgent challenges facing our nation, and much can be achieved through coordinated and thoughtful executive action.

This assessment is intended to review the implementation of the recommendations made by the Commission over the course of the previous year. The recommendations themselves are discussed in more detail in the Commission’s final report and accompanying white papers.3

1David Alexander, “Hagel, Ahead of China Trip, Urges Military Restraint in Cyberspace,” Reuters, March 28, 2014, https://www.reuters.com/article/ us-usa-defense-cybersecurity/hagel-ahead-of-china-trip-urges-military-restraint-in-cyberspace-idUSBREA2R1ZH20140328.

2 John S. McCain National Defense Authorization Act for Fiscal Year 2019, Pub. L. No. 115-232 [hereafter FY19 NDAA], § 1652, 132 Stat. 1636, 2140 (2018), https://www.govinfo.gov/content/pkg/PLAW-115publ232/pdf/PLAW-115publ232.pdf.

3 These publications are available at the Cyberspace Solarium Commission’s website, www.solarium.gov.

Table of Contents