Solarium boosters pivot to acknowledge pandemic parallels

For members of the Cyberspace Solarium Commission, it was practically a nightmare come true.

For nearly a year, commissioners and staff labored to develop a comprehensive set of recommendations that they believed, if adopted, would help the U.S. regain the initiative across a host of a cyber policy issues. Along the way those involved, such co-chair Sen. Angus King (I-Maine), frequently told reporters and the public that they had no interest investing time and effort into the enterprise if the end result was just another discarded report left to gather dust on policymaker’s bookshelves.

After spending weeks previewing their findings at numerous events, the commission unveiled its final report Mar. 11 and laid out an ambitious agenda to pass as many of the recommendations through Congress this year as possible.

Six weeks later, those ambitions must be tempered as a pandemic has cratered the U.S. economy and Congress has been largely unable to focus on issues other than emergency business.

It's not clear if a truncated congressional calendar will allow for the committee meetings, markups and other deliberations that would normally be used to inject the commission’s recommendations into the legislative bloodstream.

Former White House cybersecurity director Ari Schwartz said it “seems like Congress is going to face a lot of logistical challenges this year, on top of the existing partisan and election year challenges you would normally face to get a series of recommendations like this put into law.”

Solarium members are retooling their pitch to focus on recommendations -- like developing a plan to keep the economy afloat in the wake of a major cyber incident and establishing centralized leadership at the White House – that allow them to draw parallels to the current coronavirus crisis.

“You look at what we’re dealing with, with COVID-19 and why having a stronger cyber ecosystem is important, we all now appreciate the issue of continuity of the economy,” said Rep. Jim Langevin (D-R.I.), who chairs a subcommittee of the House Armed Services Committee. "That's another one of the key provisions we’d like to see enacted here, making sure that we know if there were ever a major cyberattack, which parts of the economy need to be up and running first and what do we need to do to do that?"

Rep. Mike Gallagher (R-Wis.) and others have expressed similar sentiments, arguing that better planning on the front end could reduce the potential for financial pain and suffering during a future emergency, cyber-related or not.

A widespread shift towards telework as governments and businesses attempt to conduct their business online has also hammered home the importance of bolstering the nation’s collective cyber defenses.

According to a report in Politico, the commission is mulling the addition of an annex to their report that specifically highlights recommendations that have policy overlap with the COVID-19 crisis.

Even before the pandemic resulted in closed up shops and shut down entire industries, the Cybersecurity and Infrastructure Security Agency worked to develop a list of national critical functions that would have a major debilitating effect on economic or national security if they were disrupted. Last week, agency director Chris Krebs said officials were monitoring the pandemic's impact on the supply chain and other parts of their economy to update their modeling.

As FCW reported last week, Langevin and other commissioners are eyeing the upcoming must-pass National Defense Authorization Act as a prime vehicle to pass a chunk of the report’s recommendations, particularly those in Pillar Six that deal with the military and national security. Other ideas like establishing a new Bureau of Cyber Statistics at the Department of Commerce to communicate digital threat “in business terms” may need to be pushed as separate bills, and Langevin said he had a call scheduled later the same day with House Science, Space and Technology Chair Rep. Eddie Bernice Johnson (D-Texas) and others to push the proposal.

The centerpiece of the commission’s recommendations, reestablishing a cybersecurity directorate at the White House with a Senate-confirmed director, also has no clear home. While the idea has plenty of bipartisan support in Congress, Langevin said he was not expecting an endorsement from the Trump administration.

"I understand that on the national cyber director there's going to be resistance coming from the White House," he said. "I appreciate the fact that no one from Pennsylvania 1600 Avenue likes Congress telling them how to do their job or how they should be structured, but the fact of the matter is it's necessary."