Whoever the next US president is, they will have cyber policy measures to consider implementing in order to protect the US from both nation-state adversaries and cybercriminals.
In its fourth annual report on implementation, published on September 19, the US Cyberspace Solarium Commission 2.0 (CSC 2.0) has provided the incoming administration and Congress with a set of ten new cyber policy recommendations.
CSC 2.0 is a group of cyber policy advisors created in 2022 to preserve the legacy and continue the work of the Cyberspace Solarium Commission (CSC), a US bipartisan, congressionally mandated intergovernmental body created in 2019 to develop a strategic US approach to defend against cyber-attacks of significant consequences.
80% of Previous Cyber Recommendations Implemented
Most of the CSC 2.0’s 2024 Annual Report on Implementation is dedicated to assessing how many of CSC’s recommendations issued in its 2020 report have been implemented by the US government.
Overall, CSC 2.0 found that 80% of the Commission’s original 82 recommendations have been fully implemented or are nearing implementation. An additional 12% are on track to be implemented.
CSC 2.0 also highlighted significant improvements in US cyber defense resources, such as increased capacity for the US Cybersecurity and Infrastructure Security (CISA) under Director Jen Easterly, with a budget nearly double in size over five years.
The same agency has contributed significantly to improving public-private integration efforts, mainly through the Joint Cyber Defense Collaborative (JCDC).
“Congress has also provided the executive branch with increased resources to address cybersecurity challenges facing the federal government, the US military, and the private sector,” the report added.
However, CSC 2.0 also warned about a recent slowing adoption rate while nation-state and ransomware attacks are on the rise.
New Cyber Recommendations for the Next Administration and Congress
CSC 2.0 estimates that, while the incoming administration should continue to implement the remaining recommendations from the 2020 report, more work needs to be done today to secure the US critical infrastructure.
Therefore, the non-profit provided a set of 10 recommendations of what the next Congress and administration should prioritize:
- Designate Benefits and Burdens for Systemically Important Entities
- Conduct Robust Continuity of the Economy Planning
- Codify Joint Collaborative Environment for Threat Information Sharing
- Strengthen an Integrated Cyber Center Within CISA
- Develop Cloud Security Certification
- Establish a Bureau of Cyber Statistics
- Establish Liability for Final Goods Assemblers
- Develop Cybersecurity Insurance Certifications
- Establish National Guard Cybersecurity Roles
- Build Societal Resilience Against Cyber-Enabled Information Operations