In 1953, the United States stood at a precipice. After the death that year of Soviet strongman Joseph Stalin, senior U.S. cabinet officials could not agree on how to contain and confront Soviet expansion and aggression. So President Eisenhower devised an exercise to “analyze competing national strategies” to check the Soviets where possible and roll back their advances where feasible. The White House convened three teams of leading scholars and practitioners to analyze and craft distinct strategies so that the president could review the strongest arguments, reach consensus among his advisors, and determine the direction of U.S. policy. The exercise, Project Solarium, influenced U.S. national security policy for decades.
Sixty-five years later, this project is serving as the template for addressing a new challenge. The President this month signed the John S. McCain National Defense Authorization Act for Fiscal Year 2019 which created the Cyberspace Solarium Commission to forge consensus in the face of new and diverse threats in the cyber domain.
To be sure, reaching consensus on how to confront cyber aggression will be difficult. In 1953, Eisenhower faced dueling camps among his advisors. Some suggested an elevated military presence in multiple theaters that would seek to match Soviet assets. Others argued that this approach would weaken the U.S. economy and that America should work with its allies to bolster U.S. military strength with diplomatic and economic pressure. To reckon with these competing arguments, the experts convened by Project Solarium pored over the latest intelligence, economic data, and government documents, and provided a rigorous assessment of the costs and benefits of each proposed path.
Congress has now tasked the Commission with assessing strategies, including “deterrence, norms-based regimes, and active disruption of adversary attacks through persistent engagement,” to defend against cyber threats to U.S. national security and to the $19 trillion economy that underpins American power. Today, the United States is “years behind its rivals in cyberspace, both conceptually and operationally,” according to the findings of a Pentagon study, because U.S. cyber strategy is “stalled, self-limiting, and focused on tactical outcomes.” The Cyberspace Solarium Commission must assess potential pathways forward so that Washington can make a clear strategic choice lest the U.S. fall further behind.
No longer is the threat of a possible Soviet attack, but instead the daily battering of cyber attacks on private industry, government institutions, and civil society. China, Russia, Iran, and North Korea, as well as criminal and terrorist groups, have targeted U.S. banks, hospital systems, defense contractors, major commercial retail chains, the electric grid, academic institutions, nuclear power plants, the Office of Personnel Management, the State Department, and political campaigns. And yet, for the last two decades, the United States has lacked a coordinated approach to deter cybercriminals and malicious state actors on the one hand and to defend against attacks when deterrence is neither feasible nor effective on the other.
As the technological landscape evolves, Washington will likely have to revise its cyber strategies—just as greater missile precision during the Cold War led to a shift from counter-value to counter-force strategies, from pointing imprecise bombs at population centers to aiming smart missiles at military command and control centers. Taking the time and effort to do the commission’s hard thinking now will enable Washington to make these shifts as smoothly as possible down the road.
In the cyber realm, the government has a monopoly neither on the weapons of war nor cyber defense capabilities. During the Cold War, the private sector would likely have served as little more than collateral damage in a nuclear showdown between superpowers. But today, private industry is on the front lines, not only as the victim but also as the purveyor of technological defense solutions and sometimes even counter-weapons. If the Cyber Solarium Commission operates in a vacuum without close collaboration with the private sector, it risks divorcing strategic vision from technical capabilities.
Eisenhower sought to challenge the U.S. government to rethink its assumptions about Soviet behavior and create a new national security policy rooted in rigorous analysis and forethought. The result of Project Solarium was not a major overhaul of U.S. policy, but a coalescence of thought on the threats posed, the resources available, and a cohesive implementation of a strategy that would muster all resources available to combat the threat. The Cyberspace Solarium Commission has the opportunity to create a new consensus around cyber defense and offense. To ignore Congress' mandate and continue forward on the current trajectory guarantees America will fail to meet threats emerging in the cyber realm.
Annie Fixler is the senior project manager of the Cyber-Enabled Economic Warfare project at the Foundation for Defense of Democracies, where Tyler Stapleton serves as the deputy director of congressional relations.