
The Cyber Frontier: Policies, Threats, and Protection with Mark Montgomery


Podcast

About This Episode

This week, Audra is joined by Mark Montgomery, senior director of the FDD’s Center on Cyber and Technology Innovation and director of the Cyberspace Solarium Commission 2.0. 

Today’s discussion focuses on the progress made implementing the recommendations of the Cyberspace Solarium Commission’s 2020 report and securing critical infrastructure more broadly, including insights from Mark on the need for a distinct military force focused exclusively on cybersecurity.


      Implementing the Cyberspace Solarium Commission's Vision: Progress, Challenges, and the Impact on Future Elections

      Mark Montgomery expresses optimism about the progress made in implementing the Cyberspace Solarium Commission's recommendations. He emphasizes that a significant portion, nearly 70%, of the recommendations from the initial report are either fully implemented or nearing completion. This progress is particularly notable in the restructuring of the United States government's approach to cybersecurity. Key successes include the creation of the national cyber director position, which centralizes leadership in cybersecurity matters, and the strengthening of the Cybersecurity and Infrastructure Security Agency (CISA). These steps represent critical advancements in coordinating and enhancing the nation's cybersecurity posture. Mark's insights reveal a proactive and strategic effort to bolster the United States' defense against cyber threats through comprehensive planning and execution.

       

      Challenges in Enhancing Cyber Resilience and Collaboration

      Despite the successes, Mark is candid about the challenges that remain in fully realizing the Commission's vision. He outlines three primary areas where progress has been more challenging: building national cyber resilience, fostering public-private partnerships, and improving the overall cyber ecosystem. These areas are crucial for a robust cybersecurity infrastructure, yet they present hurdles in terms of implementation and effectiveness. Enhancing resilience involves ensuring that critical infrastructure can withstand and rapidly recover from cyber incidents. Developing effective public-private partnerships is vital for sharing information and resources between the government and the private sector. Lastly, improving the cyber ecosystem entails creating a safer and more secure online environment for all users. Mark's discussion of these challenges underscores the complex nature of cybersecurity and the need for continued effort and innovation to address evolving threats.

      Elections and the Impact of Technology: 
      "I think the use of social media and deep fakes and the ability to use AI tools quite easily to manipulate these things is gonna make for a very interesting election."— Audra Simons

       

      The Cyberspace Solarium Commission's Stance on NIST Budget and Response to Cyber Threats

      Mark highlights the critical need for increased financial support for the NIST Cybersecurity Division. He expresses concern over the current budget allocation and emphasizes that without significant appropriations, it's challenging to meet the growing demands and responsibilities placed on the division. Mark points out that despite an increase in tasks and expectations from both the executive orders and legislative actions, the budget for NIST's Cybersecurity Division has not seen a proportional increase. This discrepancy threatens the division's ability to effectively safeguard national cybersecurity infrastructure and respond to emerging threats.

       

      Cyberspace Solarium Commission Shifts Focus to Advocacy and Budgetary Support for Fiscal Year 2024

      Following the sunset of the commission, Mark describes a strategic shift into what he terms “2.0 mode,” focusing on the implementation of the commission's recommendations and advocating for substantial budgetary support in the coming fiscal year. This transition is crucial for maintaining momentum in cybersecurity initiatives and ensuring that the groundwork laid by the commission continues to evolve and strengthen the national cybersecurity posture. With the fiscal year 2024 budget on the horizon, Mark highlights the urgency of securing adequate funding to support these initiatives. He suggests that the future of national cybersecurity efforts hinges on the availability of resources to implement recommended measures effectively.

       

      The Role of the Cyberspace Solarium Commission in the Wake of Pipeline Industry Ransomware Attacks

      The conversation with Audra brings to light the recent ransomware attack on the pipeline industry, which resulted in significant disruptions. This incident serves as a stark reminder of the vulnerabilities present in critical infrastructure and the cascading effects that cyber attacks can have on business operations and national security. Mark and Audra agree on the necessity for increased investment in cybersecurity measures to prevent such incidents. They argue that the government bears a significant portion of this responsibility, highlighting the need for public sector support in securing critical infrastructure against cyber threats. This includes not only direct financial investment but also fostering a regulatory and operational environment conducive to robust cybersecurity practices.

       

      The State of Cybersecurity in Critical Infrastructure Sectors

      Mark highlights the energy sector as a beacon of cybersecurity readiness, one that distinguishes itself through significant investment and a strategic focus on safeguarding its operations. Companies like Southerns, Duke, and Berkshire Hathaway are heralded for their serious commitment to cybersecurity, driven by the sector's recognition of the critical role it plays in national and economic security. The energy sector's approach is supported by a combination of regulatory measures and leadership awareness, which collectively foster a robust defense against cyber threats. This sector's readiness serves as a model for how critical infrastructure sectors can effectively prioritize and implement cybersecurity measures to protect their assets and the services they provide to society.

       

      Disparity in Cybersecurity Readiness Across Sectors

      In contrast, Mark points out the concerning levels of cybersecurity readiness in sectors such as healthcare, education, water, agriculture, and food. These sectors are critical for societal well-being but are notably behind in terms of cybersecurity preparedness. The disparity is attributed to a combination of neglect, underinvestment, and a lack of stringent regulatory frameworks guiding cybersecurity practices. This situation exposes these sectors to an increased risk of cyberattacks, which could have devastating impacts on public health, safety, and economic stability. Mark emphasizes the urgent need for these sectors to elevate their cybersecurity standards and align with the more proactive approaches seen in sectors like energy and financial services.

      Lag in Updating Technology Governance:
       "So we're 7, 8 years late rewriting an emerging technology governance document, which, you know, should not be 11 years old."— Mark Montgomery

       

      Cyberspace Solarium Commission: Legislative Efforts to Strengthen Cybersecurity in Critical Sectors

      Laws have been passed that set clear expectations for sector risk management agencies, mandating accountability and providing the necessary budgetary allocations to enhance cybersecurity defenses. These legislative measures represent a critical step towards closing the cybersecurity readiness gap across sectors. By setting a legal framework for cybersecurity practices, the government aims to ensure that all critical infrastructure sectors are equipped to defend against and respond to cyber threats effectively. Mark explains the importance of these laws in driving improvements in cybersecurity readiness, thereby protecting national security and the public's well-being.

       

      Insights from the Cyberspace Solarium Commission on Recruitment, Management, and Compensation

      Mark introduces the concept of a specialized military force dedicated to cybersecurity, highlighting the current shortcomings in how cyber forces are generated, recruited, and managed across various branches of the military. He notes the inconsistency in recruitment practices, training, and compensation across the Army, Navy, Air Force, and Marines. This inconsistency not only hampers the effectiveness of cyber forces but also affects their retention rates. Mark proposes the establishment of a distinct cyber military service as a solution to these challenges. He argues that such a force would benefit from focused recruitment and training efforts aimed at attracting individuals with the specific skill sets required for cyber operations. This approach would ensure a more agile and specialized workforce, better equipped to respond to the rapidly changing cyber threat landscape.

      The Catalysts of Change:
       "There always seems to have to be something really horrible to happen that gets the focus, that gets people to find the money in order to change things or bring in new laws in order to change things. That seems that, like, the human behavior, there has to be a catalyst."— Audra Simons

       

      A Discussion by the Cyberspace Solarium Commission

      Mark further emphasizes the importance of properly compensating and managing cybersecurity professionals within this proposed cyber military force. He advocates for a compensation model that rewards performance and capabilities, recognizing that this is critical for both attracting and retaining top talent in the field of cybersecurity. Through proper management and fair compensation, the goal is to build a robust cybersecurity workforce capable of effectively countering sophisticated cyber threats. Audra expresses interest in the career paths that lead individuals to specialize in cybersecurity, highlighting the uniqueness of each professional's journey to the field. This discussion acknowledges the vital role that these cybersecurity professionals play in national security and the broader cybersecurity ecosystem, underscoring the need for a dedicated approach to their recruitment, training, and management.

       

      Challenges in Space Governance and Foreign Threats

      Mark highlights a significant gap in the U.S. government's approach to space governance, pointing out the lack of a decisive regulatory framework to oversee activities and security in space. Despite NASA's attempt to fill this void with the release of best practice guidance, these recommendations fall short of having the enforceable authority necessary for effective governance. Mark criticizes this passive stance, emphasizing the urgent need for a dedicated federal agency to take the helm in regulating space activities. This agency would not only establish and enforce security protocols but also serve as a central point of contact for both government and private sector entities involved in space, thereby streamlining efforts to protect critical space infrastructure from potential threats.

       

      Foreign Threats to Space and Critical Infrastructure

      Turning his attention to foreign threats, particularly those posed by China, Mark delves into the strategic risks that these pose to U.S. national security. He explains how foreign actors, notably China, are embedding malicious software within the U.S. critical infrastructure, a tactic that transcends traditional espionage. Such actions are designed to compromise military mobility and cripple economic productivity, with the potential to disrupt space operations in times of conflict. Mark highlights the gravity of this threat, stressing that it targets the very lifelines of military and economic stability. Furthermore, he points out the vulnerability of space infrastructure to sabotage, including cyberattacks on ground stations, satellites, and essential communication links. This discussion raises alarm over the broader national security implications, highlighting the need for a comprehensive and proactive approach to safeguarding space and critical infrastructure against foreign adversaries.

      Social Media Manipulation and National Security:
       "So let's be clear. You know, this kind of social media manipulation through the algorithm because the company, not because TikTok can exist just fine. It just can't be owned by ByteDance, which is a company subject to the whims and desires of the Chinese Communist Party. And it's been routinely penetrated by the MSS."— Mark Montgomery

       

      The Cyberspace Solarium Commission's Outlook: Expanding Space-Based Technologies and the Call for Strategic Governance

      Mark discusses the inevitable expansion of space assets, emphasizing how modern systems heavily rely on space-based technologies. He highlights the significant role that satellites play in various sectors, including agriculture, transportation, energy, and water management, through the provision of GPS signals, timing services, and critical data. Mark points out the future potential for resource extraction from celestial bodies such as asteroids and planets. This prospect, he suggests, could revolutionize industries by providing new resources and potentially alter the concept of governance as humanity extends its reach beyond Earth.

       

      The Need for Proactive Space Infrastructure Governance

      Expressing disappointment with the government's current passive approach to space infrastructure governance, Mark calls for a more proactive and strategic stance. He critiques the absence of a unified vision for space governance, noting that this could lead to vulnerabilities in national security and missed economic opportunities. Mark argues that as other nations, notably China and Russia, aggressively pursue space dominance, it is imperative for the United States to establish a clear and robust framework for space governance. This includes designating space as critical infrastructure, ensuring that a designated federal agency leads the sector, and implementing cybersecurity measures to protect space assets from potential threats.

       

      About Our Guest

      Mark Montgomery serves as senior director of the Center on Cyber and Technology Innovation, where he leads FDD’s efforts to advance U.S. prosperity and security through technology innovation while countering cyber threats that seek to diminish them. Mark also directs CSC 2.0, an initiative that works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he served as executive director. Previously, Mark served as policy director for the Senate Armed Services Committee under the leadership of Senator John S. McCain, coordinating policy efforts on national security strategy, capabilities and requirements, and cyber policy.
      Mark served for 32 years in the U.S. Navy as a nuclear-trained surface warfare officer, retiring as a rear admiral in 2017. He was assigned to the National Security Council from 1998 to 2000, serving as director for transnational threats. Mark has graduate degrees from the University of Pennsylvania and the University of Oxford and completed the U.S. Navy’s nuclear power training program.