The last two presidents have been resistant to formalizing a cybersecurity strategy. The new Cybersecurity Solarium Commission hopes that by replicating the process President Eisenhower used to form a nuclear strategy in the 1950s, they can develop one that will last.
The big picture: Presidents Obama and now Trump have argued that formalizing how the U.S. will combat cyberattacks reduces the executive branch's agility. Lawmakers, including co-chair Sen. Angus King (I-Maine), who co-chairs the Solarium group, have argued that as long as the U.S. has no doctrine, countries like Russia and China will see no consequence to an attack.
- "Right now, we're a cheap date," King told Axios.
Details: The commission, which formally launched last week, is a 14-member task force composed of 4 current lawmakers; directors or deputy directors of National Intelligence, Defense, the FBI and Homeland Security; and representatives from academia and industry.
- The group takes its form and name from the Solarium Commission Eisenhower used to develop a nuclear strategy in 1953.
- Like the original Solarium, the cybersecurity version will split into working groups, competitively arguing for different strategies. Those strategies will include persistent engagement, deterrence (which will include increasing resiliency), and the development of diplomatic norms — global rules of the road for cyber operations.
Co-chair Rep. Mike Gallagher (R-Wis.) did much of his PhD thesis on the original Solarium.
- He acknowledged to Axios there will a difference between the old and the new commissions. Eisenhower's had a pure competition between mutually exclusive approaches; it's likely that Gallagher's and King's will end up with a recommendation combining elements of their three contenders.
- But Gallagher believes that the competitive approach will be a surefire way to find areas where two strategies might be in conflict and iron out the differences, and find problems that exist in all three.
- "A problem for all three approaches is the question of attribution," he said. "We know who launched a missile, but it's harder to tell who set off a cyberattack."