In an era where many government operations are data driven, clear metrics in cyberspace have remained elusive, and several individuals involved with the Cyberspace Solarium Commission are looking to change that as annual defense bills are being drafted.
The commission – authorized by previous National Defense Authorization Act legislation to study how the U.S. can better defend against cyber threats – issued its signature report last month calling for a harder deterrence strategy, creating cyber-dedicated committees in Congress, establishing a Senate-confirmed National Cyber Director, and strengthening the Cybersecurity and Infrastructure Security Agency (CISA) to serve as a national cybersecurity coordination hub.
“We’ve been operating for too long without data in this space,” said Brandon Valeriano, a senior advisor to the commission, at a virtual event organized by the group on April 15. Valeriano emphasized the need for the United States to “get better at metrics.”
Creating a Bureau of Cyber Statistics would be one way to do that, said Valeriano, highlighting one of the many recommendations from the report. The proposed bureau would collect and provide statistical data on cybersecurity to inform policymaking and government programs.
And while the bureau’s scope could cover Federal agencies and departments, the commission also recommended amending the Sarbanes-Oxley Act in order to require private sector companies to keep metrics on cybersecurity.
Rep. Jim Langevin, D-R.I, a Solarium commissioner, member of the House Armed Services Committee, and one of the leading policy voices on cybersecurity in Congress, issued a call last month for better metrics for the Department of Defense (DoD).
“I will continue to press the Administration for meaningful metrics for success that go beyond simply the number of operations conducted,” said Rep. Langevin, in a March statement. The Solarium report also recommends a requirement for the department to improve reporting metrics.
Whether the commission’s recommendations become law is now in the hands of Congress.
Mark Montgomery, the commission’s executive director, said Wednesday that 95 percent of the commission’s legislative proposals have been submitted to relevant Hill committees. House Armed Services Committee Chairman Rep. Adam Smith, D-Wash., said last week he hopes to have text of the Fiscal Year 2021 NDAA ready by May 1.
A spokesperson for the committee’s majority said last week that since work on the bill is ongoing, “we cannot comment on the likelihood that any one provision will be included.”
“That being said, we can confirm that the HASC leadership and staff took the recommendations of the Solarium seriously, and are currently considering a number of related provisions as we work on this year’s NDAA,” said Monica Matoush.