Cyberspace Solarium report calls for layered cyber deterrence, defend forward strategy

Last week, the US Cyberspace Solarium Commission, a bicameral, bipartisan intergovernmental body created by the 2019 Defense Authorization Act, launched its official report on the organization, policy and technical issues surrounding how to best defend the country against digital security threats. Inspired by a commission established in the Eisenhower Administration to tackle Cold War era problems, the Cyberspace Solarium Commission is co-chaired by Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI). It counts among its 14 commissioners four members from Congress, four senior executive agency leaders and six experts from outside of government.

The objective of the commission is to cut through the thicket of government bureaucracy and terminology and archaic structures surrounding cybersecurity to come up with implementable action plans that address the issues uncovered by the commission’s investigation. The report spells out 75 recommendations for action across the public and private sectors.

Layered cyber deterrence

Most notably, it advocates a new overarching strategic approach the commission calls “layered cyber deterrence,” aimed at reducing the probability and impact of significant cybersecurity attacks. To reach this state of layered cyber deterrence, the Solarium Commission says three things are needed:

  • Shape behavior to promote responsible behavior in cyberspace.
  • Deny benefits to adversaries who have long exploited cyberspace to America’s detriment.
  • Impose costs on actors who negatively interfere with the United States in cyberspace.

(The report acknowledges the limitations and misleading nature of the term “cyberspace,” citing William Gibson, the famed science fiction writer who coined the term, who himself criticized the word he created as “evocative and essentially meaningless.”)

The three layers, in turn, are supported by six policy pillars spelled out in the report. The six pillars organize the 75 recommendations. The policy pillars include:

  • Reform the US government’s structure and organization for cyberspace.
  • Strengthen norms and non-military tools.
  • Promote national resilience.
  • Reshape the cyber ecosystem toward greater security.
  • Operationalize cybersecurity collaboration with the private sector.
  • Preserve and deploy the military instrument of power to deter cyberattacks.

Government cybersecurity reform is key

Central to the entirety of the report’s recommendations is the first policy pillar of reforming the government’s structure and ability to tackle issues in cyberspace. To that end, the commission recommends creating an updated national cybersecurity strategy that reflects layered cyber deterrence and the establishment of a House Permanent Select and Senate Select Committees on Cybersecurity, along with a senate-confirmed national cyber director.

Source link