By the time the US Cyberspace Solarium Commission released its final report in March, global attention had turned toward containing a real-life virus and its economic fallout. While renewed emphasis on human security is overdue, cyber issues will remain central to the coronavirus response, to improved public health surveillance and to international security. So, did the Commission’s report live up to the hype?
Eisenhower’s Project Solarium
The 2020 Solarium Commission attempted to recreate the strategic policymaking of US President Dwight D. Eisenhower’s Project Solarium.
In 1953, Eisenhower directed a working committee of the National Security Council to undertake a six-week review of national security policy by three teams (Project Solarium). The USSR was closing the nuclear gap with the US. Eisenhower wanted fleshed-out policy options to respond. Hawks in Eisenhower’s administration were encouraging him to consider preventive war against the USSR while the US still had the nuclear edge.
In Project Solarium, each team was given a position and asked to thoroughly explore its implications.
Team A (led by George F. Kennan of Long Telegram fame) argued for playing a long game against the USSR, bolstering alliances and forgoing any meaningful cuts to defense spending. Of the three teams’ approaches, Team A’s approach represented the most continuity with the Truman administration’s policy of containment.
Team B (led by atomic weapons expert Major General James McCormack) explored drawing a line around geographical areas of core interest to the US and communicating to the USSR that crossing these lines would result in an American nuclear attack on the USSR.
Team C (led by Vice Admiral Richard Conolly, President of the Naval War College) advocated for vigorously countering Soviet influence globally, using economic, diplomatic and covert means, and accepting the resulting risk of military confrontation. Team C was skeptical of the assertion that the USSR’s economic model would, in time, cause it to self-destruct.
NSC 162/2, the statement of national security policy resulting from Project Solarium, included elements of all three approaches.
Eisenhower accomplished three goals with Project Solarium. First, he ruled out the idea of preventive war against the USSR, partly due to concerns about the post-war devastation that would follow an American victory in a nuclear war with the USSR. Second, by emphasizing nuclear deterrence in his national security policy, he struck a balance between military strength and fiscal responsibility. Third, he rallied hawkish and moderate factions in his Cabinet around a consensus policy.
2020 Cyberspace Solarium Commission Report
Informed by an exercise modeled on Eisenhower’s Project Solarium, red team exercises and hundreds of interviews with experts, the 2020 Cyberspace Solarium Commission recommended a strategy of layered cyber deterrence. The three, interconnected elements of layered cyber deterrence are: shaping acceptable cyber behavior by strengthening norms, denying benefits to attackers and imposing costs on adversaries.
The Solarium Commission’s lengthy final report included over 80 recommendations organized in six pillars. To align with its recommended strategic posture, the Commission recommended reorganizing the US Government’s cyber organizations and improving public-private collaboration on cyber.
There are several key differences between the 1953 Project Solarium and the 2020 Solarium Commission. First, Project Solarium was far more concerned with budgets: each team was required to submit a detailed budget to support its recommendations and budget considerations were central to the strategy of nuclear deterrence. Second, the 2020 Solarium Commission’s recommended initiatives require close US Government coordination with the private sector, since most cyber activity occurs in the private sector. This was not the case with nuclear weapons policy in 1953. Third, and related, Project Solarium was a secret while the 2020 Solarium Commission’s final report is public.
Differences aside, in both 1953 and 2020, policymakers used the exercises to build consensus among competing approaches, resulting in compromise strategies. Here is the 2020 Solarium Commission’s visualization of its layered deterrence approach:
To date, the US cyber debate has included three different approaches. These emphasize, respectively: building strong global norms of acceptable cyber behavior, deterring cyberattacks and imposing costs on adversaries. Per commentators, the Trump administration favors the third approach. There is spirited competition between the deterrence and cost-imposition approaches, which some thinkers consider mutually exclusive.
By recommending a strategy that encompasses all three approaches, the Cybersecurity Solarium Commission invited the ire of academics. However, before its efforts were paused by the coronavirus, the Commission forged consensus among people with different views.