Cyberspace Solarium Report Provides Congress Historic Opportunity to Strengthen National Security

by Suedeen G. Kelly, former Commissioner, Federal Energy Regulatory Commission

Intense debate has occurred in recent years about the need to enhance the integrity, security, and resilience of our national infrastructure against disabling cyberattacks, especially the electric grid, which powers essential services and our economy.

Opportunely, a Congressionally appointed group, the Cyberspace Solarium Commission (CSC), has developed a detailed roadmap of what needs to be done, and delivered it to Congress in early March just before the coronavirus rocked our public health system and devastated our economy.

The convergence of these two events at this unique moment in history provides Congress and our nation an unexpected opportunity to overpower the menace confronting our cyber assets.

The CSC was established by the National Defense Authorization Act of 2019 to “develop a consensus on a strategic approach to defending the United States in cyberspace against cyberattacks of significant consequences.” The solarium approach of assembling great political, policy and industry minds to focus on a singular task was first used by President Dwight Eisenhower in 1953 to develop a new response to a growing Russian threat.  As recently noted by conservative columnist Hugh Hewitt, the Presidential gathering to combat the Russian peril “ranks as probably the second-greatest collaborative effort by intellectuals in U.S. history, after the gathering in Philadelphia in 1787.”

And just as the first solarium developed the pathway for U.S. success in the Cold War, the second solarium has developed a detailed roadmap to successfully protect our nation’s critical infrastructure and electric grid.  The CSC’s members — two U.S. senators, two House representatives, four executive branch officials and six private industry experts — developed dozens of policy recommendations, including more than 55 legislative proposals, detailing precisely how to implement a new and effective infrastructure cyberstrategy.

After more than two months of coronavirus-driven hearing delays, members of the CSC testified before Congress on May 13, and detailed their findings and three-layered strategy recommendations.

The first layer encourages the U.S., its allies and its partners to define, promote and enforce responsible cyber conduct — “shaping behavior” essentially – to reduce the number of attacks through diplomacy, sanctions, indictments and, if necessary,  international extradition.

The second layer would have the U.S. “deny benefits” to attackers by making “critical networks” less penetrable and more resilient so they can recover from attacks quickly.  By making government servers, election software, electrical grids, and support systems for the financial services and telecommunications sectors more secure, the U.S. can deny would-be attackers the opportunity to create chaos and instability.

The third layer of the proposed strategy involves offense – developing the capability to strike back, forcefully if necessary, against our attackers and “impose costs” on those who target America in cyberspace.

The report also acknowledges that “Existing government structures and jurisdictional boundaries fracture cyber policymaking processes, limit opportunities for government action, and impede cyber operations.” In order to overcome this hurdle, Congress must “reform how the U.S. government is organized to secure cyberspace and respond to attacks,” beginning with the appointment of a Senate-confirmed National Cyber Director, housed in the Executive Office of the President. This director would serve a five-year term as “the President’s principal adviser for cybersecurity-related issues” and “lead national-level coordination of cybersecurity strategy and policy, both within government and with the private sector.”

The CSC has done its job and delivered a smart, strategic plan to Congress at a time when we face a mounting cyberthreat to national security and Congress is providing much-needed financial infusions to states and individuals to jump-start our economic recovery from the virus pandemic. Allocating some or even most of those cash infusions to implement the CSC’s recommendations could provide focused infrastructure spending targets and fund thousands of new jobs, while simultaneously advancing the country’s overall cybersecurity and addressing the very real threat of a cyber war.

Before the coronavirus pandemic, the U.S. was already the target of millions of incoming cyberattack attempts every day.  Now, as our economy struggles to gain a foothold and millions of Americans are either unemployed or working from home, we are even more vulnerable.

But we have an opportunity to act, to do the right thing and channel money, resources, and talent toward implementing the CSC recommendations and ensuring that, as we recover from the pandemic, we come back stronger than ever, with a level of infrastructure cybersecurity protection that is commensurate with today’s ever-evolving threats.

Congress needs to act on the CSC recommendations, and do so with a strong sense of urgency and purpose.  Failing to capitalize on this win-win opportunity will slow our economic recovery, leave our national infrastructure unnecessarily at risk, and potentially cause current and future generations to suffer an unnecessary decline in our quality of life and economic well-being.

The CSC did the job Congress requested; Congress must now reciprocate.

Suedeen Kelly

Author Bio