“For over 20 years, nation-states and non-state actors have used cyberspace to subvert American power, American security, and the American way of life,” notes the much-needed report by the Cyberspace Solarium Commission, a group convened as part of the National Defense Authorization Act (NDAA). Its bipartisan chairs are Senator Angus King (I-Maine) and Representative Mike Gallagher (R-Wisconsin). (Check out the event Rep. Gallagher produced with ChinaTechThreat on The Pentagon’s Risky Business.) Just as the nation organized to defeat Soviet communism, the US needs a similar whole-of-America approach to cybersecurity and the root causes of cyberthreats, notably the Chinese Communist Party.
The report offers a much-needed review of US cybersecurity and suggestions for improvement. It describes a strategy of layered cyber deterrence to reduce the probability and impact of cyber-attacks. This deterrence comprises a set of activities to shape behavior, deny benefits, and impose costs. The most important set of recommendations is the reform of the US government’s structure and organization for cyberspace (p. 31), the key reason that the US is failing to deliver deterrence today. While the report should go further to reboot the armed forces for the digital age, it recognizes that vital administrative changes need to take place, including vesting and streamlining the proper authority for process and decisions, and for Congress and the Executive branch to resolve the panoply of disjointed cybersecurity actors operating without a coherent overall strategy. As the report notes, the agency best suited for oversight of cybersecurity may be the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security, an agency that already leverages public and private sector expertise. The recommendations to recruit, develop, and retain a stronger federal cyber workforce are also welcome (p. 43) and could be leveraged by US states.