A co-chairman of the Cyberspace Solarium Commission said April 22 that the fiscal 2021 defense policy bill could include about 30 percent of the group’s cyber policy recommendations.
According to Rep. Mike Gallagher, R-Wis., who co-chairs the Cyberspace Solarium Commission, which released a report with more than 75 cyber policy recommendations March 11, said on a webinar hosted by Palo Alto Networks that commission staff is working with the appropriate congressional committees and subcommittees to put about 30 percent of its recommendations into this year’s National Defense Authorization Act.
The report proposed a three-pronged strategy for securing cyberspace, called layered deterrence: shape behavior, deny benefit and impose cost.
The report also takes U.S. Cyber Command’s “defend forward” policy, which allows the military to take a more aggressive approach in cyberspace. It also suggests broadening the policy to encompass the entire federal government.
Gallagher didn’t specifically identify recommendations he thinks will be included in the NDAA, but given that the bill focuses on authorizing Defense Department programs, Pentagon-specific recommendations are the likeliest to be in the legislative text.
The recommendations for the department focus on ensuring that the Cyber Mission Force is adequately equipped; establishing vulnerability assessments for weapons and nuclear control systems; sharing threat intelligence; and threat hunting of the networks of the defense-industrial base.
The spread of the new coronavirus, COVID-19, disrupted the commission report’s rollout, which included congressional hearings on the commission’s recommendation. Those hearings have been canceled. But the pandemic also highlights the need to implement recommendations made in the report, Gallagher said, specifically the establishment of a national cyber director in the White House.
“The importance of having that one person, that singular belly button in the executive branch who’s coordinating efforts across government so that you don’t have to create an ad hoc task force, [so] you’re not scrambling to find who are the right people we need in the room after the crisis has already occurred,” Gallagher said
Before the spread of the coronavirus, congressional committees had planned to host hearings on the commission report, but those were canceled after the coronavirus spread throughout the United States. Congress is currently wrestling with how to remotely conduct voting and committee business, as the pandemic is restricting gatherings of large groups of people.
“Even though coronavirus has complicated some of ... our commission rollout, we’re continuing the legislative process right now, and I’m pretty optimistic about our ability to shape this year’s NDAA,” Gallagher said.
As for the other recommendations, Gallagher said they aren’t germane to the NDAA and will take “some time.”
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.