Success Storied: How to Advocate for Tech Policy

Learning from the Cyberspace Solarium Commission, which achieved most of its ambitious wish list

3 min read
Illustration shows a blue lock  with circuitry and red , white, and blue lines passing through it.
John Lund/Getty Images

Of tech policy groups in recent memory, few have been quite as successful as the Cyberspace Solarium Commission (CSC). Turning policies into reality might not be the flashiest process, but it’s hard to say that CSC hasn’t made a splash. Thanks to its laundry list of cybersecurity recommendations, the United States now has an Office of the National Cyber Director, the U.S. government can subpoena ISPs over vulnerabilities, and the country has a raft of updated cybersecurity protocols.

The CSC has reached the end of its first life. But, already, well over half of its recommendations have been put into U.S. law—a rather impressive strike rate for a group of its kind. Looking at the CSC’s history and its background, there are a few factors that primed it for success—including more than a bit of fortune.

For one, the CSC owes its existence to the will of U.S. lawmakers: It was formed by and included members of the U.S. Congress in 2019. At that time, Donald Trump’s administration had dissolved the predecessor of the Office of the National Cyber Director, and members of Congress fretted over the hole that was left behind. So, they created the CSC to sort out how best to fill it.

The CSC ultimately recommended 82 policies. Of those, somewhere between 50 and 65 were ultimately enacted.

That legislative backing set the commission apart from counterparts that came before it. “They might have had congressional members, but [the CSC] was different, because it was actually written into legislation and funded by the Congress,” says James Lewis, policy expert at the Center for Strategic & International Studies. “In that way, it was a first.”

For another, the CSC had official precedents. It gets its name from Project Solarium, a group founded in 1953 to study U.S. policy toward the Soviet Union. (The White House Solarium, sitting atop the building, is where government officials met to brainstorm the group’s existence). Another, more recent precedent was the National Security Commission of Artificial Intelligence, formed in 2018 to study how American government policy wonks should react to the rising prevalence of AI.

An even larger inspiration may have been the 9/11 Commission, which had been founded by U.S. lawmakers in 2002 to pore over the causes of the previous year’s terrorist attacks. Its eventual report did receive criticism for conflicts of interest and using questionable evidence, and the government’s success in carrying out its recommendations was questionable. But it proved to be immensely influential over its successors—the CSC included.

The CSC recommended a total of 82 policies. Of those, somewhere between 50 and 65 were ultimately enacted, in the estimate of Mark Montgomery, the CSC’s executive director. But the process of actually implementing those recommendations was a delicate one that often needed to maneuver around the realities of U.S. federal lawmaking.

By far, the CSC’s highest-profile policy success was the creation of the National Cyber Director. But when the process began, it wasn’t clear that Donald Trump wouldn’t be reelected. In that course of events, the new director’s office would have had to deal with Trump’s rival wishes. Fortunately for the CSC, the incoming Joe Biden administration was far friendlier to its ideas.

Many of the CSC’s recommendations were added into the pages of 2021’s version of the National Defense Authorization Act, the yearly law that funds the U.S. military and the U.S. Department of Defense. While that ensured those recommendations would pass, it could lead to administrative tangles over who could lead cybersecurity activities.

“I think that one of the problems for the U.S. in general is that, since Congress is a little dysfunctional at times, they tend to tack everything into the National Defense Authorization Act, which makes it a DOD activity, and cybersecurity isn’t a DOD activity,” says Lewis. (It’s generally under the umbrella of a different government department, the Department of Homeland Security.)

“If you try to do this through the prism of DOD, it will make it harder to be successful,” says Lewis.

Now, with the Congress-backed phase of its existence over, the CSC prepares to start a second life as a think tank, under the umbrella of the Foundation for Defense of Democracies. Again, there’s precedent here; previous commissions have often transformed into think tanks after the end of their tenure.

It’s likely that the CSC’s new form won’t have as easy of a time quickly pushing through recommendations en masse. But it may be able to keep watch over the fruits of its labors so far, and it can continue pushing for the rest of its laundry list, such as reinforcing cybersecurity in key sectors like utilities and health care and bringing more people into the cybersecurity workforce.

“If there’s a lot that we can tell needs to be studied and done, maybe they need a new commission,” Montgomery told CyberScoop. “But I think we’re going to spend two years to try to push through on implementation. In hindsight, you need longer to track implementation.”
The Conversation (0)

The Cellular Industry’s Clash Over the Movement to Remake Networks

The wireless industry is divided on Open RAN’s goal to make network components interoperable

13 min read
Photo: George Frey/AFP/Getty Images
DarkBlue2

We've all been told that 5G wireless is going to deliver amazing capabilities and services. But it won't come cheap. When all is said and done, 5G will cost almost US $1 trillion to deploy over the next half decade. That enormous expense will be borne mostly by network operators, companies like AT&T, China Mobile, Deutsche Telekom, Vodafone, and dozens more around the world that provide cellular service to their customers. Facing such an immense cost, these operators asked a very reasonable question: How can we make this cheaper and more flexible?

Their answer: Make it possible to mix and match network components from different companies, with the goal of fostering more competition and driving down prices. At the same time, they sparked a schism within the industry over how wireless networks should be built. Their opponents—and sometimes begrudging partners—are the handful of telecom-equipment vendors capable of providing the hardware the network operators have been buying and deploying for years.

Keep Reading ↓ Show less