New Commission Takes on U.S. Cyber Policy
A group of legislators lead development of a national cyber doctrine.
Legislators on Capitol Hill have formed the Cyberspace Solarium Commission, known as the CSC, which will put together a comprehensive U.S. cyber policy. Sen. Angus King (I-Maine), who is co-chairing the new organization with Rep. Michael Gallagher (R-Wisc.), announced the formation of the Geneva Convention-type commission in a call with reporters on May 13. The establishment of the commission was outlined in last year’s National Defense Authorization Act (NDAA), Sen. King said.
“Our underlying mission is to formulate a comprehensive cyber strategy and doctrine and policy for the United States in a time of escalating cyber threats,” he stated. “[It’s everything] from election meddling to threats against the infrastructure, the financial system, the electric grid, pipelines and businesses. There's a very broad scale level of threats, and what we're trying to do is develop a policy that can be understood and effectuated by our adversaries that involves more than just patching software.”
The CSC is examining three fundamental components of the cyber doctrine: persistent engagement, deterrence and standards. Persistent engagement would involve “a more forward-leaning policy than we've had in the past, engaging with our adversaries on cyber issues,” Sen. King noted. “Deterrence…is a heightened level of active response to cyber attacks, whether they be financial, national security or something in between. And the third is the approach of developing international norms and standards to govern a cyberspace…kind of a Geneva Convention of Cyber, and [defining] what is off limits.”
The 14-member commission is “going to be discussing all of those matters,” he said. In addition to Sen. King and Rep. Gallagher, the CSC includes four federal governmental leaders, six members from academia or the private sector, and two more legislators, Sen. Ben Sasse (R-Nebraska), and Rep. Jim Langevin (D-Rhode Island), who has been addressing cyber-related issues as a co-founder and co-chair of the Congressional Cybersecurity Caucus.
The federal governmental leaders include David Norquist, acting deputy secretary of Defense; David Pekoske, acting deputy secretary of Homeland Security; Chris Wray, director of the FBI; and Samantha Ravich, vice chair of the President's Intelligence Advisory Board.
The CSC’s commissioners from industry and academia include Frank Cilluffo, director of McCrary Institute for Cyber and Critical Infrastructure at Auburn University; Thomas Fanning, chairman, CEO and president of the Atlanta-based utility, the Southern Company; Chris Inglis, professor of cybersecurity at the U.S. Naval Academy and former deputy director of the National Security Agency; Patrick Murphy, a former member of Congress and former under secretary of the Army and now a professor at the U.S. Military Academy; and Suzanne Spaulding, a senior advisor for Homeland Security at the Center for Strategic and International Studies.
Sen. King clarified that while the CSC was working with officials from the federal government and the president’s administration, it was not yet working directly with the White House. “Eventually part of this process will involve the White House, and we hope that they are engaged,” the lawmaker said. He noted that President Trump’s executive order on cybersecurity issued last year was “a positive” move. “It's not the whole way, but it indicates a level of interest,” he said. “And, certainly, ultimately this is going to require the engagement of all parts of the federal government, including the president."
The CSC has had three meetings so far, the senator continued. The group will hold an event in early September and aims to have a policy report prepared by the end of the calendar year. And then it will present its findings to the Congressional Defense, Intelligence and Homeland Security Committees. Their work could include recommendations, suggested legislation and other steps.
“[Cyber attacks are] absolutely one of the most serious threats the country faces right now,” Sen. King stated. “We've got to develop a more comprehensive strategy that involves both the government and the private sector to respond to this very serious threat, which, by the way, will only be exacerbated by the development of 5G, which will make us even more dependent upon cyber.”