Federal Cyber Commission Continues Despite Privatization

From $1 billion for state and local cybersecurity initiatives to new reporting requirements for critical infrastructure companies, the policy suite developed by the Cyberspace Solarium Commission continues to garner interest from lawmakers, despite the commission being disbanded in December.

The commission’s recommendations are now being shepherded by CSC 2.0, a project of the Foundation for Defense of Democracies (FDD), a D.C. think tank and lobbying organization. The new organization is made up of former commission staff members and has an advisory group led by Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis.

The group’s first annual assessment since forming outlines both legislative successes and lays out the status of each policy recommendation.
Among the group’s wins are the eye-watering amount of federal money for cybersecurity-related issues, including $1 billion in grants for state, local and tribal governments.

“I could never have imagined numbers this big,” Mark Montgomery, one of the report’s primary authors and the executive director of CSC 2.0, told Government Technology. Montgomery was also the executive director of the Cyberspace Solarium Commission.

The grant programs oriented to upgrading state and local capabilities are being managed by the Cybersecurity and Infrastructure Security Agency (CISA), which has begun publishing rules for that program, according to Montgomery.

Looking to the future, Montgomery said that one of the biggest issues he and his group are working on is water systems at the local level.

“This is the most critical vulnerability in our national infrastructure,” he said.

Montgomery added that he will focus on working with the Environmental Protection Agency and state regulatory agencies to make sure they have the capabilities to support the cybersecurity needs of local water companies and regulators.

“Now we’ve got to get it done,” said Montgomery.

In addition to issues of funding and identifying vulnerabilities, CSC 2.0 is working on advocating for policies that will expand and support workforce development. This includes working on policies to better identify and track cybersecurity-related job statistics, as well as supporting recruiting tactics that will diversify the workforce.

“There’s the law and there’s the human infrastructure and attitudinal infrastructure that has to be built,” said King at an FDD event on Tuesday.

When asked about the transition from being a federally backed-commission to a project of a think tank, Montgomery said it was good that they didn’t extend the life of the commission unnecessarily. He added that progress on implementing new policies may slow down compared to the commission’s first two years as the group focuses on ensuring that their recommendations are implemented well.