Reps. Mike Gallagher, R-Wis.., and Jim Langevin, D-R.I. — commissioners both — were optimistic about the continued contribution of the Cyber Solarium Commission in the year ahead during their keynote address at the RSA Conference.
A mix of politicians, private sector appointees, and academics, the bipartisan Solarium Commission was able to make nearly 30 recommendations that were passed into law — no small feat in the typically stagnant world of cyber policy. Gallagher, who co-chaired the commission with Sen. Angus King, I-Maine, credited the success to a deliberate decision to base the Solarium's final report around shovel ready suggestions.
"With four members of Congress on the commission, [we realized], we should write a report that's really a blueprint for legislative action," said Gallagher.
The commission was modeled after Eisenhower's Project Solarium for nuclear deterrence, the subject of Gallagher's doctoral thesis. The commission was created in the 2019 defense authorization bill, with its recommendations codified into law in the next year's defense authorization bill. Most notably, the commission's accepted recommendations included the national cyber director position, a long time priority of Langevin.
"There's still more work to be done and we're ready to go again for round two, in terms of legislation," said Langevin.
Langevin highlighted several priorities still unaddressed in the 2020 report, all of which echoed calls in Tuesday's RSA panel from fellow Commissioner Frank Cilluffo and R-Street Institute cyber policy expert Paul Rosenzweig.
Those priorities included a Bureau of Cyber Statistics, which would aggrigate breach information to allow federal and private security pros to make data-driven security decisions, designating the most critical infrastructure "systemically important" to receive special attention and a public private information sharing entity called the Joint Collaborative Environment.
Gallagher said the SolarWinds debacle, where vendor FireEye was first to sound the alarm, proved the criticality of the governments relationship with the private sector.
He said the commission, which was renewed in the 2020 Defense Authorization Act, is expected to work cooperatively with the Executive Branch, but would also keep a close eye on the Biden administration to make sure ideas passed into law are implemented correctly. While Biden has announced former-commissioner Chris Inglis as his pick for national cyber director, it came after a long delay, and some have worried about the NCD establishing itself as an office.
Asked about election security, a perennially blooming cybersecurity debate in Congress, Gallagher said making headway would be an option if Congress could adopt the shared-purpose bipartisanship of the Solarium Commission.
"I think you could have come into any of our commission meetings blindfolded and you wouldn't have known who the Democrats were or who the Republicans were," he said.