The Future of U.S. Cyber Policy in the Public and Private Sectors

The U.S. Cyberspace Solarium Commission has played an integral role in American cyber policy, including creating stricter cybersecurity defense strategies to prepare for possible attacks.

The U.S. Chamber of Commerce hosted the Cyberspace Solarium Commission webinar to further discuss the commission's work. During this event, cyberspace professionals shared the projected next steps for U.S. cyber policy, specifically for the public and private sectors.

Businesses of All Sizes Must Prepare for Offensive Cyber Operations from Russia During Its Invasion of Ukraine

Russia’s invasion of Ukraine has had many countries on edge, including the United States. This is especially the case when it comes to cybersecurity.

“I have been somewhat surprised that we haven't seen more offensive cyber operations by the Russians in Ukraine and around the world,” said Congressman James Langevin, member of the U.S. House of Representatives and Commissioner at the U.S. Cyberspace Solarium Commission. “There are surely cyber operations going on, but not to the scale that I had expected yet.”

Congressman Langevin added that he continues to be concerned about possible cyberattacks against the U.S. and the country’s lack of preparedness.

“We have to be on guard,” he continued. “I think President Biden was right to warn the U.S. and the private sector that we need to be on alert because … intelligence does show that Russians could be getting ready to carry out some type of offensive cyber operations against U.S. entities.”

Congressman Langevin recommended businesses of all sizes take advantage of CISA’s Shields Up program to better protect themselves, as the severity of ongoing threats is difficult to measure.

The U.S. Must Be Patient With Legislative Changes in the Cyber Sector

Mark Montgomery, senior director of the Center on Cyber and Technology Innovation and senior fellow for the Foundation for Defense of Democracies, stressed the fact that legislative changes usually take longer than many realize — “about two years to take hold and show meaningful change.”

“So with that caveat, I’d probably say that while no specific recommendation has been determinative, as we enter this crisis with Russia, I think the strengthening of CISA, both the authorities and the appropriations over the last 18 months, has made a big impact,” Montgomery explained.

He added that the commission has pushed seven authority changes and four appropriation levels that have provided “great success” to the country.

“Looking forward, I'd say give it another six to 12 months [with] the creation of the [Office of the] National Cyber Director … and the four structure assessment of Cyber Command,” he said. “That's going to drive significant increases in the size of the Cyber Mission Force.”

Montgomery also stressed the importance of strengthening the Sector Risk Management Agencies, which is the “codification of support that we expect these agencies provide to the private sector.”

Operational Collaboration and Integration Are Top Priorities in Terms of U.S Cyber Security

The term “operational collaboration” has become a buzzword, and many don’t understand its true definition. According to the New York Cyber Task Force, operational collaboration is “the integrated public-private preparation and response to [a] severe cyber crisis,” said Ben Flatgard, executive director for JPMorgan Chase & Co.

“Collaboration is an important word, and it means give-and-take and contributions from multiple parties,” he continued. “I think integration is another important word, and unfortunately sometimes, in the early stages of operational collaboration, we've done side-by-side developments of different capabilities and tools, but they haven't really been integrated.”

“I think as we look to the next … phase of development in this space, integration is going to be as important of a word as collaboration,” Flatgard said.