The legacy of the Cyberspace Solarium Commission

One of the government’s key mechanisms for pushing cybersecurity policy in recent years is shutting down. The Cyberspace Solarium Commission was charged in 2019 with sorting through the difficult policy solutions needed to help prevent and prepare the U.S. cyberattacks, is shutting down this month after more than two years and a report to Congress with nearly 100 recommendations that led to a slew of legislative changes.

But as cyber incidents seemingly increase in number and scale, it’s clear that there’s more to be done. So, the panel is rebooting its efforts as a non-profit in 2022.

The commission has had several big wins: the establishment of the national cyber director, pushing the release of cybersecurity-focused executive orders, and broadening the authorities of the Cybersecurity and Infrastructure Security Agency.

...

Laura Brent, a senior fellow at the Center for a New American Security who specializes in cyber defense policy, technology and national security, told FCW that cyber policy over the next year will likely focus on deterrence and how to measure the successes of any cyber policy.

“Even if there’s success of implementation, we still need to see if there’s success of impact,” Brent said.

Looking forward and building on the commission’s work, Brent said there will be hard questions that need to be answered, such as what the metrics of success and failure look like when defending or responding against cyber incidents. Is failure an organization suffering a ransomware attack or having to pay? Is deterrence effective if cyber incidents persist? What exactly is being deterred?

Read the full story and more from FCW.