The Cyberspace Solarium Commission aims to explore three paths for cyber doctrine in the United States, select one, and make concrete policy recommendations to clearly communicate an American strategy in cyberspace, Sen. Angus King, I-Maine, told reporters on a call on Monday, May 13.
King, one of the co-chairs of the commission alongside Rep. Mike Gallagher, R-Wis., explained how the group, based on the Solarium Commission of the 1950s that helped devise a strategy to address the Soviet Union, will work and the end goal of its efforts.
“Our underlying mission is to formulate a comprehensive cyber strategy and doctrine and policy for the United States in a time of escalating cyber threats,” King said. “There’s a very broad scale level of threats, and what we’re trying to do is develop a policy that can be understood by our adversaries that involves more than just patching software.”
Created by the 2019 National Defense Authorization Act, the Cyberspace Solarium Commission includes King, Gallagher, Sen. Ben Sasse, R-Neb., Rep. Jim Langevin, D-R.I., FBI Director Christopher Wray, Deputy Secretary of Defense David Norquist, and Deputy Secretary of Homeland Security David Pekoske among its 14 members.
The commission will separate into groups to study three approaches to cybersecurity and come to a decision on one:
- Persistent engagement, King described as “a more forward-leaning policy than we’ve had in the past,”
- International norms and standards, which aim to create lines in the sand that nation-states agree not to cross like the Geneva Convention and chemical weapons, and
- Deterrent based solutions, the most aggressive posture, based on a “heightened level of active response to cyberattacks.”
The commission aims to hold a “competition” between the different groups and decide on the right path to take in September, with a report expected by the end of the year.
King stressed that the commission is aiming for more than glittering generalities.
“I hope it can be as specific as possible with recommendations for legislation, for rules, for norms, for whatever we recommend. If it’s a general report that says, ‘Cyber is a problem and we have to do something about it,’ then we will have failed our mission,” he said.
King noted that the commission’s report will build on existing efforts, such as the National Cybersecurity Strategy, but will aim to create a more comprehensive strategy.
“I’m very strong on the idea that it has to be clear, understandable, and our adversaries have to understand what the rules of the game are, and what the consequences and results will be if they act in an aggressive way,” King said.