1.5.1

1 Improve Cyber-Oriented Education

1.5.1

1 2020 Report

2021

2022

2023

Implemented

The FY22 NDAA implemented this recommendation. The FY23 omnibus spending bill appropriated $36.3 million for the National Infrastructure Simulation Analysis Center, a nearly $13.5 million increase from the previous year. The funding remains available until September 30, 2024. In addition, the FY22 NDAA provides CISA with $6.5 million above the president’s request to administer the National Cyber Exercise Program.

Status Summary

Increased Appropriations Required

View Details

2.1

2 Create a Cyber Bureau and Assistant Secretary at the U.S. Department of State

'21

'22

'23

2020 Report

View Details

2.1.1

2 Strengthen Norms of Responsible State Behavior in Cyberspace

'21

'22

'23

2020 Report

Nearing Implementation

2.1.1

2 2020 Report

2021

2022

2023

Implemented

The FY21 NDAA implemented this recommendation. CISA’s Cyber Storm VIII exercise took place in March 2022, and its successor, Cyber Storm IX: National Cyber Exercise, is scheduled to take place in spring 2024.

Status Summary

Executive Actions Taken

View Details

2.1.2

2 Engage Actively and Effectively in Forums Setting International ICT Standards

'21

'22

'23

2020 Report

Nearing Implementation

2.1.2

2 2020 Report

2021

2022

2023

On Track

Executive action and appropriations are required for this recommendation. To address both the requirements of this recommendation and the related requirements in Recommendation 4.1.2 below, the CSC’s congressional Commissioners submitted a letter to the appropriations committees recommending an increase in funding of $30 million for FY21 to support NIST’s cybersecurity and privacy programs. The Consolidated Appropriations Act for FY21 did not include this increase, though the requirements for work on standards have grown rapidly. Accordingly, the CSC’s congressional Commissioners have recommended a significant increase to support NIST’s cybersecurity and privacy programs for FY22. The President’s FY22 Budget Request includes a modest increase (approximately $2.35 million) for the Standards Coordination and Special Programs portfolio, which includes NIST’s work on international standards development, as well as increases totaling $3.5 million that would benefit specific standards initiatives in the areas of advanced communications and would help strengthen diversity and equity in the standards workforce. Separately, the Senate-passed USICA includes several provisions that make progress on this issue. Section 2306 would require the Secretary of Commerce to work with the Secretary of Energy to build capacity and training programs for U.S. engagement in standards setting, partner with the private sector on developing standards for digital economy technologies, and prioritize efforts focused on developing standards for emerging technologies. Section 3210 requires the President to establish an interagency working group, led by the Secretary of State, whose goal is to increase U.S. engagement in international standards bodies focused on 5G. The working group would also be assigned responsibility for providing a strategy that addresses U.S. engagement at 5G standards bodies, diplomatic engagement with partners and allies, China’s presence and engagement at standards bodies, and engagement with private-sector stakeholders to develop 5G standards. Other provisions direct the Assistant Secretary of Commerce for Communications and Information to prepare a briefing on barriers to robust U.S. government participation in standards activities at the International Telecommunication Union and on opportunities for further participation, authorize a grant program to encourage private-sector participation at standards bodies, and direct the Secretary of State to establish a regular dialogue with partners and allies on international regulatory issues, including standards setting.

Nearing Implementation

Section 1729 of the FY21 NDAA addressed this recommendation, but the National Guard report evaluating rules and standards pertaining to the guard’s use in response to a cyber incident was incomplete. Despite this, there has been meaningful improvement in the guard’s capabilities to protect critical infrastructure. In 2022, 5,000 guard personnel provided cybersecurity support ahead of the midterm elections. Clear guidance on the utilization of National Guard capabilities will be needed to fully address this recommendation.

Status Summary

Legislation Passed; Appropriations Required

View Details

2.1.3

2 Improve Cyber Capacity Building and Consolidate the Funding of Cyber Foreign Assistance

'21

'22

'23

2020 Report

On Track

2.1.3

2 2020 Report

2021

2022

2023

Nearing Implementation

There has been limited progress in amending the Federal Election Campaign Law to allow corporations to provide free or reduced-cost cybersecurity assistance to political campaigns on a nonpartisan basis. CISA and nonprofit organizations, however, provide election security resources. While this differs from the commission’s recommendations, the effort broadly aligns with the intent of this recommendation.

Status Summary

Legislation Proposed; Appropriations Required

View Details

2.1.4

2 Improve International Tools for Law Enforcement Activities in Cyberspace

'21

'22

'23

2020 Report

Implemented

2.1.4

2 2020 Report

2021

2022

2023

Implemented

Senators Amy Klobuchar (D-MN) and Lindsey Graham (R-SC) reintroduced the Honest Ads Act, a bill that would combat foreign interference in American elections and improve transparency of online political advertisements through Federal Election Commission oversight. CSC co-chair, Representative Mike Gallagher (R-WA), and Representative Derek Kilmer (D-WA) introduced a companion bill in the House.

Status Summary

Executive Action Taken; Funding Appropriated

View Details

2.1.5

2 Leverage Sanctions and Trade Enforcement Actions

'21

'22

'23

2020 Report

Nearing Implementation

2.1.5

2 2020 Report

2021

2022

2023

Nearing Implementation

Leverage Sanctions and Trade Enforcement Actions: The Commission recommended the codification of Executive Order 13848 as a means of improving enforcement norms of responsible state behavior in cyberspace. However, this recommendation could also be implemented through executive branch action. For example, the administration’s use of sanctions against the Russia-based darknet market, Hydra, as part of an internationally coordinated effort to disrupt cybercriminals’ activities and cybercrime services demonstrates a willingness to use these tools. Similarly, recent sanctions against Russian technology companies and cyber actors supporting Russia’s efforts to invade Ukraine make progress towards the overall goal of this recommendation. The scale and severity of sanctions against the Russian government and leaders in the spring of 2022 demonstrate the executive branch’s willingness to use sanctions tools to protect norms of responsible state behavior in general. While not specific to cybersecurity, this change has created an environment where this recommendation is more likely to be implemented effectively. Additional legislative and executive actions have been taken to further advance this recommendation's goals. For instance, the House version of the FY23 NDAA emphasizes the need to empower U.S. banking institutions to address modern financial threats. Section 5415 notes that the Financial Crimes Enforcement Network may require domestic financial institutions and agencies to take “special measures” to address money laundering and terrorist financing activities “to bring pressure on those that pose money laundering threats.” The provision specifically identifies ransomware attacks perpetrated by Chinese and other malign foreign actors as a focus to combat modern financial crime. These special measures include prohibiting or imposing certain conditions upon transmittals of funds. In addition, the Department of Justice’s Strategic Plan for the fiscal years 2022 through 2026 lists combating ransomware attacks and other cyber threats as one of the agency’s main priorities and sets actionable goals to enhance its effectiveness in addressing ransomware attacks by September 30, 2023.

Status Summary

Legislation Proposed; Executive Action Taken

Nearing Implementation

In July, the White House announced a new initiative, dubbed the U.S. Cyber Trust Mark, led by the Federal Communications Commission, to create a voluntary cybersecurity labeling program for Internet of Things consumer devices. Once implemented, this labeling effort would inform consumers about the cybersecurity risks of IoT products, identifying products that voluntarily employ better cybersecurity practices.

Status Summary

Legislation Proposed; Executive Action Taken

View Details

2.1.6

2 Improve Attribution Analysis and the Attribution-Decision Rubric

'21

'22

'23

2020 Report

Nearing Implementation

2.1.6

2 2020 Report

2021

2022

2023

Nearing Implementation

Previously, this recommendation appeared to face significant hurdles. Strategic objective 3.3 of the National Cybersecurity Strategy, however, states that the administration will work with Congress and the private sector to develop legislation that would establish liability for software products and services. The National Cybersecurity Strategy Implementation Plan notes that the ONCD will host a legal symposium to explore different approaches to implementing a software liability framework by the second quarter of FY24.

Status Summary

Executive Actions Taken

View Details

2.1.7

2 Reinvigorate Efforts to Develop Cyber Confidence-Building Measures

'21

'22

'23

2020 Report

View Details

3.1

3 Codify Sector-Specific Agencies as “Sector Risk Management Agencies” and Strengthen Their Ability to Manage Critical Infrastructure Risk

'21

'22

'23

2020 Report

Implemented

3.1

3 2020 Report

2021

2022

2023

Implemented

As noted in previous recommendations, the publication of the National Cybersecurity Strategy serves as a declaratory policy vital for deterrence against adversaries of the United States, and its allies and partners. The strategy notes that Washington “will use all instruments of national power” to respond to malicious cyber actors. The strategy publicly declares that, working with allies and partners, the United States will impose cyber and/or non-cyber costs on adversaries, including for cyber activity that falls “below the threshold of armed conflict.” In addition, last year, Congress authorized the president to use U.S. Cyber Command to respond if the government determines that “there is an active, systematic, and ongoing campaign of attacks in cyberspace by a foreign power against the Government or the critical infrastructure.” This declaratory policy supports the intent of this recommendation.

Status Summary

Legislation Passed in FY21 NDAA; Funding Appropriated

View Details

Cyberspace Solarium Commission Recommendations Tracker

Implementation Status

Related Links

Breakdown by Pillars

LAYER 2 - DENY BENEFITS

Pillar 1

Pillar 2

Pillar 3

Pillar 4

Pillar 5

Pillar 6

White Papers

LAYER 2 - DENY BENEFITS

Pillar 1

Pillar 2

Pillar 3

Pillar 4

Pillar 5

Pillar 6

White Papers

Pillar 1

Pillar 2

Pillar 3

Pillar 4

Pillar 5

Pillar 6

White Papers

Assessment Data

Show Filters

Hide Filters

1.5.1

1

2020 Report

Improve Cyber-Oriented Education

'21

'22

'23

1.5.1

1

2020 Report

Improve Cyber-Oriented Education

Implemented

Implemented

Status Summary

Implemented

Status Summary

2.1

2

2020 Report

Create a Cyber Bureau and Assistant Secretary at the U.S. Department of State

'21

'22

'23

2.1

2

2020 Report

Create a Cyber Bureau and Assistant Secretary at the U.S. Department of State

Nearing Implementation

Implemented

Status Summary

Implemented

Status Summary

2.1.1

2

2020 Report

Strengthen Norms of Responsible State Behavior in Cyberspace

'21

'22

'23

2.1.1

2

2020 Report

Strengthen Norms of Responsible State Behavior in Cyberspace

On Track

Nearing Implementation

Status Summary

Implemented

Status Summary

2.1.2

2