U.S. Senators Ben Sasse (R-NE), Angus King (I-ME) and Congressman Mike Gallagher (R-WI), the creator and co-chairs of the Cyberspace Solarium Commission (CSC), today announced the release of the CSC’s report on protecting the nation’s critical infrastructure from a cyberattack.

“Warning lights have been blinking for a long time,” said Senator Sasse. “China and Russia have attacked the United States in cyberspace, and Washington has been caught flat-footed without a cyber doctrine. This report lays out a vision for defending the world’s most advanced digital society through a strategy of layered cyber deterrence. There are a lot of recommendations in here – some of them are great and some of them need more work. This report is the beginning, not the end. Now, it’s time to execute.”

The report details the extensive threats to our security, from nation states like China, Russia, Iran, and North Korea, and non-state actors like criminals and extremist groups. It highlights the unique challenges in defending the nation’s cyberspace, which is largely owned and operated by the private sector, and is intended to provide a path forward to building the robust public-private collaboration that is needed to establish effective cybersecurity. Unlike the previous model of many major policy reports, the Commission's recommendations serve more as a roadmap for the U.S. to improve its posture in cyberspace. 

Major recommendations contained in the report include establishing a Senate-approved National Cyber Director to lead the federal government’s work in cyberspace, the development of a continuity of the economy plan to ensure the rapid recovery of national critical functions following a major disruptive cyber event, and the creation of House Permanent Select and Senate Select Committees on Cyber to provide integrated oversight of the federal government’s cybersecurity efforts. 

The full report can be read HERE. 

The report includes more than 75 specific recommendations, organized into 6 pillars. These include:

1. Reform the U.S. Government’s Structure and Organization for Cyberspace.  Recommendations include:
  • Congress should create House Permanent Select and Senate Select Committees on Cyber 
  • Congress should establish a Senate-confirmed National Cyber Director 
  • Congress should strengthen the Cybersecurity and Infrastructure Security Agency (CISA) 

2. Strengthen Norms and Non-Military Tools.  Recommendations include:
  • Congress should create an Assistant Secretary of State in the Department of State, with a new Bureau of Cyberspace Security and Emerging Technologies, who will lead the U.S. government’s effort to develop and reinforce international norms in cyberspace.

3. Promote National Resilience.  Recommendations include:
  • Congress should direct the U.S. government to develop and maintain Continuity of the Economy planning 
  • Congress should codify a Cyber State of Distress tied to a Cyber Response and Recovery Fund 

4. Reshape the Cyber Ecosystem Toward Greater Security. Recommendations include:
  • Congress should establish and fund a National Cybersecurity Certification and Labeling Authority 
  • Congress should pass a national data security and privacy protection law 

5. Operationalize Cybersecurity Collaboration with the Private Sector. Recommendations include:
  • Congress should codify the concept of “systemically important critical infrastructure”
  • Congress should direct the executive branch to elevate and strengthen a public-private, integrated cyber center in CISA 

6. Preserve and Employ the Military Instrument of Power – And All Other Options to Deter Cyberattacks at Any Level. Recommendations include:

  • Congress should direct the Department of Defense to conduct a force structure assessment of the Cyber Mission Force 
  • Congress should direct the Department of Defense to conduct a cybersecurity vulnerability assessment of all segments of the nuclear control systems and continually assess weapon systems’ cyber vulnerabilities.

After Sasse’s multi-year effort, the Cyberspace Solarium Commission was established by statute in the 2019 National Defense Authorization Act (NDAA) and officially launched in April 2019.