Breach Notification , Events , Next-Generation Technologies & Secure Development

Solarium Commission's Recommendations: The Top Priorities

RSA 2021 Panel Calls for Federal Breach Notification Law and More
Solarium Commission's Recommendations: The Top Priorities
The RSA panel was moderated by Catherine Lotrionte, the director of the Institute for Law, Science and Global Security at Georgetown University.

More than a year after the U.S. Cyberspace Solarium Commission issued a report on how to improve cybersecurity, most of its recommendations have yet to be implemented.

See Also: The Operationalization of Threat Intelligence Programs

In a session at RSA Conference 2021, three cybersecurity experts said top priorities among the Solarium Commission's recommendations that have not yet been carried out are adopting a federal data breach notification law and improving public-private partnerships.

In March 2020, the Solarium Commission issued its latest report, which contained more than 80 recommendations, 27 of which the government has codified into law (see: Commission Calls for Revamping US Cybersecurity).

Collaboration Essential

Panelist Frank Cilluffo, a member of the Solarium Commission and the Department of Homeland Security Advisory Council, highlighted the importance of creating a collaborative environment between government agencies and the private sector organizations that are on the front lines of defending against cyberattacks.

"So one of the first recommendations we're looking at is establishing a joint collaborative environment. This is to actually bring the private sector in - not as a secondary afterthought - but for it to actually have a seat at the table in terms of implementing some of our operations and implementing some of our cyber defense measures," Cilluffo said.

Tom Corcoran, head of cybersecurity for Farmers Insurance, said the government has to supply cyber intelligence to those on the front lines, who can act upon it quickly.

"I would like to see the government providing more real-time threat intelligence to those companies so that they can automatically feed it into their tools," said Corcoran, who was formerly a senior staffer on the House and Senate Intelligence Oversight committees during the Obama administration.

Bureau of Cyber Statistics

Paul Rosenzweig, a senior fellow at the nonprofit public policy research organization R Street Institute, said the government should prioritize establishing a Bureau of Cyber Statistics. As noted in the March 2020 Solarium report, such a bureau would gather and provide statistical data on cybersecurity and the cyber ecosystem to support policymaking and government programs.

"If we're going to actually have a significant effort to systematize America's approach to cybersecurity, the bureau of cyber statistics is likely to be a venue for creating those types of metrics," he said. Such statistics would enable the creation of an accurate picture of looming cyberthreats and sketch out where the dangers lie.

Breach Notification

Cilluffo and Corcoran highlighted the commission's call for creating a federal data breach notification law. Over the years, Congress has repeatedly failed to enact such legislation.

"We need to make sure that we have the reporting structures in place in terms of a breach," Cilluffo said. "I think there's finally awareness that we need to be able to move forward on law."

Corcoran added that having data breach reporting standards in place would make it simpler for companies, particularly those firms that do not have a regulatory team in-house, to know what details must be included when filing a data breach notification.

Widely varying breach notification laws at the state level make it difficult for companies to comply, Corcoran said. A model for a federal law, he said is the New York Department of Financial Services' Stop Hacks and Improve Electronic Data Security, or SHIELD Act.

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.