The United States will need a more robust whole-of-government approach to mitigate the impact of more serious cyberattacks on infrastructure, according to a congressionally mandated commission report issued today with over 75 recommendations. The Cyberspace Solarium Commission— composed of members of Congress, the Executive Branch and the private sector—was mandated by Congress to examine the entire spectrum of challenges the U.S. faces across the cyber infrastructure that powers most of our economy. The chair’s introduction to the report notes that, “our country is at risk, not only from a catastrophic cyberattack but from millions of daily intrusions disrupting everything from financial transactions to the inner workings of our electoral system.” A key recommendation—with major implications for the government and the private sector—is that more attention should be paid to deterring threats. This in turn will require the U.S. economy to be far more resilient to make future attacks less impactful. As the Commission's report notes, “deterrence will require private-sector entities to step up and strengthen their security posture.”

Many of the Commission’s recommendations focus on making the executive and legislative branches more responsive and effective in dealing with the challenges posed by cybersecurity, recognizing that solutions to these problems often require deeper and more sophisticated cooperation between the private and public sector.

The Commission’s recommendations fall into several general categories: (i) reforming the U.S. government’s structures and organization, (ii) addressing norms and non-military tools, (iii) promoting resilience, (iv) reshaping the “cyber ecosystem” for improved security, (v) improving private sector cooperation and (vi) effectively employing the U.S. military in a cyber-conflict. Notably, for each legislative recommendation, the Commission included draft legislation for Congress to consider.