Bipartisan panel to issue recommendations for defending US against cyberattacks early next year

A congressionally mandated commission plans to issue its recommendations for protecting the U.S. against cyberattacks early next year, a former top official at the Department of Homeland Security said Tuesday.

The Cyberspace Solarium Commission — made up of bipartisan members of Congress, former government officials and industry representatives — is working toward formulating a comprehensive, strategic approach, commission member Suzanne Spaulding said at the Digital Government Institute’s 930gov conference.

{mosads}“I think we’re trying to cover everything, frankly, short of war,” said Spaulding, a former under secretary of the Department of Homeland Security’s National Protection and Programs Directorate, now known as the Cybersecurity and Infrastructure Security Agency.

“To have a strategic approach, you’ve got to make sure that you’re thinking about all of the tools that you have at your disposal, all of the resources, all of the levers that both you and the private sector can contribute and bring to bear,” she added.

The commission was created by the 2019 National Defense Authorization Act (NDAA) and was named after President Eisenhower’s 1953 Solarium Project, which was tasked with developing a strategy to defend the U.S. against threats from the Soviet Union during the Cold War.

The 2019 NDAA gave the commission a Sept. 1 deadline to submit its report to Congress, but both the House and Senate versions of the 2020 NDAA call for a later submission date: Feb. 2 in the Senate measure and Sept. 1, 2020, in the House bill.

Congress has yet to pass the 2020 NDAA.

The co-chairmen of the commission, Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), wrote an op-ed for Lawfare on Monday in which they laid out the group’s goals.

“The United States is the most connected nation in the world—which brings opportunities but also increased vulnerabilities,” the two lawmakers wrote. “Unfortunately, U.S. politics, laws and national security policy have not kept up with both the risks and the opportunities stemming from the dynamism of technological change.”

King and Gallagher outlined the problems the commission hopes to address, which include defining the roles of the public and private sectors in securing U.S. information and critical infrastructure, how the Department of Defense should respond to cyberattacks by foreign nations, and how to promote “norms” of activity in cyberspace. 

Other commission members include Sen. Ben Sasse (R-Neb.), Rep. Jim Langevin (D-R.I.), former Rep. Patrick Murphy (D-Pa.), FBI Director Christopher Wray, Acting Homeland Security Deputy Secretary David Pekoske and Acting Deputy Secretary of Defense David Norquist.