Solarium Commission wants action on stalled cybersecurity recommendations | CyberScoop<\/title> <meta name=\"description\" content=\"The influential commission has seen nearly 70% of its initial recommendations to improve cybersecurity implemented.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/solarium-commission-implementation-report\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Solarium Commission wants action on stalled cybersecurity recommendations\"> <meta property=\"og:description\" content=\"The influential commission has seen nearly 70% of its initial recommendations to improve cybersecurity implemented.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/solarium-commission-implementation-report\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-09-19T10:30:00+00:00\"> <meta property=\"article:modified_time\" content=\"2023-09-19T16:32:44+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1693959706g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1693499496g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1694542629g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7af46db108fbc62fdcc9\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/77146\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=77146\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsolarium-commission-implementation-report%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsolarium-commission-implementation-report%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-77146 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/solarium-commission-implementation-report\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.804502369668\">\n<div class=\"single-article__header-content\" readability=\"29.2875\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/government\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> The influential commission has seen around 70% of its initial recommendations to improve cybersecurity implemented. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations-1.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Sen. Angus King (I-ME) talks with reporters as he walks through the Senate subway on his way to a vote at the Capitol on June 21, 2021 in Washington, DC. (Drew Angerer\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"52.659488196071\"><body readability=\"107.35797235023\"><\/p>\n<p>Since its release in 2020, the recommendations of the Cyberspace Solarium Commission have served as a roadmap for the Biden administration\u2019s attempts to deliver broad improvements in computer security, but according to <a href=\"https:\/\/www.fdd.org\/analysis\/2023\/09\/19\/2023-annual-report-on-implementation\/\">a report released Tuesday<\/a>, a number of the panel\u2019s key recommendations have stalled. <\/p>\n<p>The recommendations that remain on the drawing board read like a to-do-list for federal cybersecurity policymakers: clarifying liability for federal cyber response efforts, modernizing campaign regulations to promote cybersecurity defenses, funding research and development centers to explore cybersecurity insurance certificates, the formation of congressional cybersecurity committees and establishing a national breach notification law.<\/p>\n<p>Three years since its release, nearly 70% of <a href=\"https:\/\/www.solarium.gov\/report\">the congressionally mandated Solarium Commission\u2019s 80 initial recommendations<\/a> have been implemented or are close to it, a testament to the report\u2019s influence. But the chairmen of the commission warned in their follow-up report released on Tuesday that it is essential to maintain momentum in improving computer security at a time of widespread cyberattacks. <\/p>\n<p>\u201cWe cannot afford to pause in the pursuit of enhanced cybersecurity,\u201d wrote Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wisc., in the report.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The initial Solarium Commission report and subsequent follow up white papers led to major policy changes, such as the creation of both the National Cyber Director and the State Department\u2019s Bureau of Cyberspace and Digital Policy. But <a href=\"https:\/\/www.fdd.org\/analysis\/2023\/09\/19\/2023-annual-report-on-implementation\/\">the annual implementation report<\/a> from the C2C 2.0 \u2014 an organization spun off from the Solarium Commission \u2014 argues that while both the Biden administration and Congress have \u201ctaken significant steps\u201d to improve U.S. cybersecurity efforts, more needs to be done.<\/p>\n<p>Of the 116 total recommendations from the Solarium Commission, 42 are considered fully implemented, while 36 are \u201cnearing implementation,\u201d which means that the recommendation is either included in legislation or an executive order, there is a clear path to approval or the idea is partially implemented in a new law or policy.<\/p>\n<p>Of the recommendations that are not yet fully implemented, 26 are considered to be \u201con track\u201d to completion on some level, while 11 show limited or delayed progress.<\/p>\n<p>Notably, only one recommendation is seen as facing \u201csignificant barriers\u201d to adoption: the creation of a House Permanent Select and a Senate Select Committee on Cybersecurity. The report says that \u201csignificant pushback\u201d against the creation of such a committee continues but notes that draft legislative language exists in case a major event like a cyberattack occurs that might help to overcome \u201cpolitical barriers.\u201d<\/p>\n<p>The lack of progress for select committees on cybersecurity is \u201cone of the biggest failures of the work of the commission,\u201d said King at an event for the launch of the report.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>King also noted that the lack of a Joint Collaborative Environment is another aspect that is still lacking. The Joint Collaborative Environment is a type of public-private effort that aims at giving faster, actionable information to the private sector. CISA is rolling out a JCE project but the report \u2014 which says the recommendation is on track \u2014 notes that language codifying the program did not make it into the House fiscal year 2023 NDAA.<\/p>\n<p>\u201cWe\u2019ve got to build a situation where the private sector and the government can work together harmoniously, seamlessly in real time, and that doesn\u2019t come naturally to either of those entities,\u201d King said.<\/p>\n<p>Gallagher pointed out that the development and maintenance of a continuation of the economy plan recommendation from the commission has not been treated seriously by the White House. The plan would look at how to revamp systems in case of a major cyberattack on multiple critical industries.<\/p>\n<p>The White House delegated that responsibility to CISA, but the Solarium report notes that CISA\u2019s efforts do not outline a way to update those plans, did not involve private sector participation and do not focus on economic recovery.<\/p>\n<p>Gallagher said that the response from the White House was \u201ca joke.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>On privacy, the Solarium Commission recommended passage of a national data security and privacy protection law. That idea that faces an uncertain future in Congress, but Tuesday\u2019s implementation report nonetheless deems it \u201con track,\u201d as several congressional committees have resumed discussions on federal privacy legislation. <\/p>\n<p>The commission\u2019s recommendation to form a Bureau of Cyber Statistics \u2014 a government body that would serve as a repository for cybersecurity data and address the paucity of data in the field of computer security \u2014 could be revived by Congress. Legislative language included in the Senate version of the National Defense Authorization Act would require the Defense Department to conduct a study on establishing such an office.<\/p>\n<p>Other recommendations of the commission could be implemented with further executive action. Efforts to <a href=\"https:\/\/cyberscoop.com\/fdd-cyber-capacity-building\/\">develop cyber confidence building measures<\/a> could be taken on by the State Department\u2019s new cyber bureau and developed in its forthcoming international cybersecurity strategy, Tuesday\u2019s report notes.<\/p>\n<p><strong>Updated, Sept. 19, 2023:<\/strong> This article has been updated with additional quotes from Sen. Angus King and Rep. Mike Gallagher.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/solarium-commission-implementation-report\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Solarium Commission wants action on stalled cybersecurity recommendations | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[594,293,117,656,439,318],"tags":[596,299,119,658,443,319],"class_list":["post-1737","post","type-post","status-publish","format-standard","hentry","category-cyberspace-solarium-commission","category-department-of-homeland-security-dhs","category-government","category-national-cyber-director","category-policy","category-state-department","tag-cyberspace-solarium-commission","tag-department-of-homeland-security-dhs","tag-government","tag-national-cyber-director","tag-policy","tag-state-department"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cyberspace-solarium-commission\/\" rel=\"category tag\">Cyberspace Solarium Commission<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-homeland-security-dhs\/\" rel=\"category tag\">Department of Homeland Security (DHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-cyber-director\/\" rel=\"category tag\">National Cyber Director<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/state-department\/\" rel=\"category tag\">State Department<\/a>","tag_info":"State Department","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1737","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1737"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1737\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":1737,"date":"2023-09-19T10:30:00","date_gmt":"2023-09-19T10:30:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=77146"},"modified":"2023-09-19T10:30:00","modified_gmt":"2023-09-19T10:30:00","slug":"solarium-commission-wants-action-on-stalled-cybersecurity-recommendations","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/09\/19\/solarium-commission-wants-action-on-stalled-cybersecurity-recommendations\/","title":{"rendered":"Solarium Commission wants action on stalled cybersecurity recommendations"},"content":{"rendered":"