A new report released in March 2020 by the Cyberspace Solarium Commission outlines recommendations for reforms to organize government more effectively, promote international accountability, and strengthen efforts for U.S. cybersecurity collaboration. The American National Standards Institute (ANSI) encourages all relevant stakeholders to review the recommendations, which reference standards and conformity assessment solutions.
The 182-page guidance document, authored by bipartisan cybersecurity leaders, is an outcome of the National Defense Authorization Act, which chartered the U.S. Cyberspace Solarium Commission to address issues related to cyberattacks on U.S. critical infrastructure and systems. The President and Congress tasked the Commission to consider a strategic approach to defend the United States against cyberattacks of significant consequence.
The document, released days before a U.S. health agency suffered a cyberattack during its coronavirus response, suggests the U.S. is vulnerable to attack, and provides more than 75 recommendations for action across the public and private sectors.
Among the recommendations, the Commission underscores the value of standards, and suggests creating a cyber-bureau and assistant secretary at the U.S. Department of State and engaging actively and effectively in forums setting international information and communications technology standards (page 50). The recommendations also include a suggestion to expand and support the National Institute of Standards and Technology (NIST), which ANSI and its stakeholders work with closely to support effective cyber guidance. The authors also recommend resourcing a federally funded research and development center to work with state-level regulators in developing certifications for cybersecurity insurance products.
Additionally, the Commission suggests the creation of a National Cybersecurity Certification and Labeling Authority that would be charged with certifying critical information technologies against frameworks based on identified and vetted security standards and with supporting and endorsing product labeling, building on existing work on software bills of material at the National Telecommunications and Information Administration.