The Cyberspace Solarium Commission (CSC) was a United States bipartisan, congressionally mandated intergovernmental body created by the John S. McCain National Defense Authorization Act for Fiscal Year 2019. Its purpose was "to develop a strategic approach to defense against cyber attacks of significant consequences" to the United States.[1] The commission was sunsetted on December 21, 2021, but is continuing its work as a non-profit in 2022, led by Mark Montgomery, the commission's former executive director at the non-profit organization Foundation for the Defense of Democracies (FDD) with a limited staff and the support of a small number of senior advisors.[2][3] Known as CSC 2.0, this project preserves the legacy and continues the work of the CSC.[4]
Mandate and work
The CSC was created in 2019 with the objective to establish policy solutions required to prevent and prepare the United States against cyber attacks.[2] The commission is considered to have had a major impact on cybersecurity policies by providing blueprints for further transformative processes on the future.[5] In 2019, a small group of members from the DoD and DHS, including Mark Montgomery, future executive director, later joined by the future chief of staff to the commission worked to create the building blocks of the commission, working to establish strategy, office, functions, and hiring. The commission hired multiple directors and senior directors and was augmented by multiple detailees from federal agencies to create three task forces and a forth directorate to cover the whole of cyberspace strategy for the United States. During the course of the commission, the staff engaged with over 400 agencies, public sector representatives, and cyber experts.[citation needed]
Report
The Cyberspace Solarium Commission issued a report in March 2020, listing 83 recommendations, for Congressional and Executive action.[6] Over the course of two years, the commission's work led Congress to legislate, appoint, and confirm the National Cyber Director, pushed the release of cybersecurity-focused executive orders, and broadened the authorities and expanded the budget of the Cybersecurity and Infrastructure Security Agency.[2][5]
The commission made recommendations organized into the categories below.[7]
Reform the U.S. Government's Structure and Organization for Cyberspace.
Strengthen Norms and Non-Military Tools.
Promote National Resilience.
Reshape the Cyber Ecosystem.
Operationalize Cybersecurity Collaboration with the Private Sector.
Preserve and Employ the Military Instrument of National Power.
Commission members
During its tenure, the commission included the following members:[8]
The four federal agency representatives rotated based on agency availability, but were most often attended by the highest policy senior executives in their particular agency.