We have a serious hunch that not all of you will actually hunker down to read all 100+ pages of the recently published Cyberspace Solarium report — even though you should. So, we're doing the dirty work and breaking it down for you… Sparknotes style.
So sink into that ever-deepening you-shaped imprint in your couch and join us each week for a new (and easily digestible) section of the Cyber Solarium Report.
The Cyber Solarium Commission (CSC) was established in 2019 and published March 11, 2020 to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences."
The CSC is led by bicameral, bipartisan co-chairs, Senator Angus King (I-Maine) and Representative Mike Gallagher (R-Wisconsin). Its 14 Commissioners include 4 legislators, 4 senior executive agency leaders, and 6 nationally recognized experts from outside of government. The Commission Staff is led by Executive Director Mark Montgomery who leads a staff of experts with experience in the federal government and private sector.
So what exactly is the Cyber Solarium Report? To put it simply, it's an unclassified U.S. government document aimed at amplifying the long overdue conversation around cyber and putting some action items into place.
It consists of over 80 recommendations which are organized into six pillars:
- Reform the US Government's Structure and Organization for Cyberspace
- Strengthen Norms and Non-Military Tools
- Promote National Resilience
- Reshape the Cyber Ecosystem
- Operationalize Cybersecurity Collaboration with the Private Sector
- Preserve and Employ the Military Instrument of National Power
URGENT CALL TO ACTION:
EVERYONE is affected by cyber insecurity. By the time we finish dissecting this report for you, we should all be on the same page in unifying and demanding a more secure cyber future.
For over two decades, adversaries have attacked American security, only to be met with minimal or no retaliation (think: election interference), resulting in increasing threats and insecurity. By not striking back, the United States is passing off a message that meddling in data and infrastructure is okay.
The more digital connections Americans make and the more data that is exchanged leaves more opportunity for adversaries to destroy private lives, disrupt infrastructure, and damage American economic and democratic institutions.
Therefore, The President and Congress have tasked the Commission to figure out what strategic approach will defend the US against significant cyberattacks and what policies and legislations are required to implement the strategy.
So, where do we start?
With layered cyber deterrence, a new strategic approach to cybersecurity where the end state is a reduced probability and impact of cyberattacks. There are three ways to reach this end goal:
- Shape Behavior
- In order to shape responsible behavior and encourage restraint in cyberspace, we need effective American leadership, built on a coalition of partners and allies.
- Deny Benefits
- The US must deny benefits to adversaries who have long been exploiting cyberspace to their advantage, the US's disadvantage, and at little cost. This new approach requires the government to collaborate with the private sector, which will promote national resilience and increase the security of the cyber ecosystem.
- Impose Costs
- The US must maintain the capability, capacity, and credibility needed to retaliate against actors who target America in and through cyberspace. This will aid in deterring future malicious behaviors, as well as reducing current conflicts. In order to shape responsible behavior and encourage restraint in cyberspace, we need effective American leadership, built on a coalition of partners and allies.
Deterrence is an enduring American strategy, and layered deterrence has two factors that make it fresh and bold:
- Deterrence by denial: specifically by increasing the defense and security of cyberspace through resilience and public and private sector collaboration
- Defending Forward: in order to disrupt and defeat ongoing adversary campaigns, the US must proactively observe, pursue and counter adversaries' operations and impose costs short of armed conflict. This shows adversaries that the US will respond to cyberattacks with all the tools at its disposal.
THE WAY FORWARD
The outlined strategy is built around government reform because, as of now, the US government is not properly equipped to secure against and respond to cyber attacks on its own. If the government cannot find a way to seamlessly collaborate with the private sector to build a resilient cyber ecosystem, the nation will never be secure.
To avoid a massive attack that could lead to large scale physical destruction, the US government must move to adopt layered cyber deterrence and the 75+ recommendations designed to make this transition a reality.
We look forward to unpacking it with you.
ABOUT STRATEGIC CYBER VENTURES
Cybersecurity is national security, and we're a D.C.-based venture capital firm on a mission to find cutting-edge startups that help us make an impact. We go beyond the check to help our founders win by leveraging our industry connections and experience as cybersecurity veterans to fuel their companies from inception to exit.