Solarium progress report highlights security advances, challenges

While most of the Cyberspace Solarium Commission's recommendations are on track to being implemented, but lack of funding could potentially undermine some efforts, according to a recent the commissions’ 56-page progress report.

Of the 82 recommendations the commission made last year, only about 5% faced significant barriers to full implementation, while 44% are on track and 14% are nearing implementation, according to the report. About a quarter of the recommendations have been fully implemented since the report’s release in March 2020 -- many of which were pushed through the 2021 National Defense Authorization Act.

"Authorizing an activity doesn't do much good without funding behind it. And as we watch the budget process this year, there's a lot still up in the air on this one, especially with respect to activities that were just passed this last January in the National Defense Authorization Act," Laura Bate, the commission's senior director, said during an Aug. 12 virtual event for the release of the report.

Bate said "barriers" and "limited progress" don't necessarily mean the recommendation is dead, but rather that timing is off and "momentum" is needed from the larger community.

Bate said some of those funding delays were expected as part of the legislative process, such as those recommendations that were authorized in the 2021 NDAA. However, some areas didn't receive any proposed funding for fiscal 2022.

For example, while the Cybersecurity and Infrastructure Security Agency is poised to get funding bumps in fiscal 2022, there are some constraints in other areas, particularly with workforce initiatives.

Bate said a CISA program called the Cybersecurity Education and Training Assistance Program was "zeroed out" of the agency's budget request. The same thing happened with the Cybersecurity Workforce Development Program authorized at the National Institute of Standards and Technology as part of the 2021 NDAA.

"The president's budget doesn't ask for any money for it. And actually looking at [the National Institute of Standards and Technology] more generally. They're really due to be a busy office, not just because of our recommendations, but also in light of the executive order on improving the nation's cybersecurity there's a lot of work tied to them in there. And so far we haven't really seen particularly significant increases to their cybersecurity and privacy budget," Bate said.

"So some really big funding priorities remain to make sure that implemented recommendations are actually successful," she said.

Other structural reform efforts that need appropriations include the reestablishment of the Office of Technology Assessment in Congress, with funding requests around $6 million, and bolstering the Cyber Threat Intelligence Integration Center and FBI's Cyber Mission and National Cyber Investigative Joint Task Force. Funds are also needed to improve cyber tools for international law enforcement, support the Election Assistance Commission and build a national resilience against foreign, malicious information operations.

Sen. Angus King (I-Maine), commission co-chair, said establishing the national cyber director was one of the commission's most important accomplishments, but there is more left to do.

"There's a lot of work left to be done and this job will never be fully completed because there are always going to be malevolent actors out there," King said.

This article was first posted to FCW, a sibling site to Defense Systems.