SBN

Five key lessons from the 2020 U.S. Cyberspace Solarium Commission report

Introduction

On March 11, 2020, the Cyberspace Solarium Commission (CSC), a governmental commission aiming to identify “a strategic approach to defending the United States in cyberspace against cyber-attacks of significant consequences,” published an extensive report outlining a new cyber strategy. The report is based on over 300 interviews and includes more than 80 recommendations for actions across the private and public sectors.

The purpose of this article is to examine five key lessons from the report that provide guidelines on how to improve the cybersecurity of the United States. Those five lessons are: 

  1. Enhancing the deterrence to malicious cyberspace actors
  2. Enhancing the resilience of the US economy to cyber-attacks
  3. Reforming the government in such a way as to increase its deterrence capacity
  4. Strengthening the cybersecurity capacity of private sector entities
  5. Focusing on election security

The five lessons will be examined in more detail below. 

1. Enhancing the deterrence to malicious cyberspace actors

The report argues that, due to the unwillingness or inability of the United States to identify and punish cyberattackers, the attackers feel undeterred and even emboldened to attack US cybersecurity infrastructure. If the United States effectively defends itself against such attacks, it will dissuade potential intruders from engaging in cyber aggression.

The report proposes the creation of a layered cyber-deterrence scheme consisting of three pillars: 

  1. Promoting responsible behavior in cyberspace
  2. Denying benefits to cyberspace adversaries who act or have acted contrary to the US interests 
  3. Maintaining the capability to retaliate against cyberspace actors who target the United States

It is worth mentioning that the concept of deterrence played an important role in the US foreign policy during the Cold War. The report defines the concept as “dissuading someone from doing something by making them believe the costs to them will exceed their expected benefit” and mentions four (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Dimov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/e0OT2HVyazg/