The Cyberspace Solarium Commission is a unique policy initiative created in 2019 to cut through the complexity of the vast and dense cybersecurity challenges facing the country. It is composed of lawmakers and government officials from across several agencies who, working with outside experts, are devising \u201ca strategic approach to defending the United States in cyberspace against cyberattacks of significant consequences.\u201d The high-profile focal point group came out this spring with an ambitious report that offered 75 recommendations to keep the country safe from digital threats.Last week, the commission took its prerogative one step further. It came out with its first white paper, Lessons from the Pandemic, a timely document articulating the changes the COVID-19 crisis creates for cybersecurity.\u00a0 The pandemic \u201cillustrates the challenges of ensuring resilience and continuity in a connected world,\u201d co-chairs Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI), wrote in their executive summary of the white paper.The white paper contains observations about the parallel connections between cybersecurity and the pandemic. It stresses 32 of the commission\u2019s original recommendations, which King and Gallagher said have attained \u201crenewed importance\u201d in light of the coronavirus crisis.The white paper also contains four new recommendations, including the need to:Pass an internet of things (IoT) security lawProvide significant support for non-profits that assist law enforcement\u2019s cybercrime and victim support effortsEstablish a social media data and threat analysis centerIncrease non-governmental capacity to identify and counter foreign disinformation and influence campaignsRemote work drives need for IoT securityIn terms of how the pandemic has altered cybersecurity, \u201cthere has been a massive shift to move to remote work, forcing companies to rely on in-home consumer electronics as their employees log in from home,\u201d the report noted. It is this radical shift to working from home that drives the new Solarium Commission recommendation to pass an IoT security law. The law should focus on known challenges, such as insecurity in Wi-Fi routers, and mandate that the devices have reasonable security measures as determined by NIST guidelines.Increased online fraud makes people feel less secureAnother nexus between the COVID crisis and cybersecurity that spurs the second new recommendation is the rise in online frauds and scams that have increased during the pandemic. \u201cCyber threat actors\u2019 flagrant conduct during this pandemic reveals that while their tactics and targets have not dramatically changed, they are able to take greater advantage of increasingly vulnerable businesses, governments, and individuals to steal information, defraud their targets, and make Americans feel insecure online,\u201d the report states.As a consequence, non-profits that help law enforcement deal with cybercrime and victim support should receive more support, the Solarium Commission says. Because these often-helpful organizations frequently face financial challenges, \u201cthe Commission recommends that congress provide grants through the Department of Justice\u2019s Office of Justice Programs to help fund these essential efforts.\u201dDisinformation a growing threatThe third and fourth new recommendations spelled out in the pandemic white paper flow from \u201cthe \u00a0imperative that the United States possess the capacity to identify highly dangerous disinformation activities and make them known both to the platforms that enable the activities and to the general public.\u201dTo that end, the commission supports the provision in the FY2020 National Defense Authorization Act that authorizes the Office of the Director of National Intelligence to establish and fund a Social Media Data and Threat Analysis Center (DTAC) to counter foreign influence operations against the United States. The report also recommends that the Department of Justice, in consultation with DHS and the National Science Foundation, provide grants to non-profit centers \u201cseeking to identify, expose, and explain malign foreign influence campaigns to the American public while putting those campaigns in context to avoid amplifying them.\u201dSpeed and agility needed to counter threatsThe speed with which the Solarium Commission developed a new view of cybersecurity challenges based on the changes sparked by the virus underscores its value, according to Casey Ellis, CEO, and founder of bug bounty company BugCrowd, who advises a number of the commission\u2019s members. \u201cIt really is an advisory committee\u2026that allows agility and allows speed,\u201d he tells CSO.\u201cIn terms of responsiveness to the pandemic, it became very obvious to people who work in cyber risk that COVID was going to change a lot of things from a risk management and risk assessment standpoint,\u201d Ellis says. \u201cPatterns of human behavior have changed; patterns of communications have changed. Speed is the traditional enemy of security. The fact that we had to do all this so suddenly implies there are going to have to be decisions made in a hurry that might have negative security impacts to them. All that adds up to a whole lot of momentum in the Solarium group to basically speak to those changes.\u201dSpeed and agility are likely critical to addressing cybersecurity challenges emerging from America\u2019s latest major crisis, the national reckoning over racism following the death of George Floyd. \u201cThe thing that COVID did was change the attack surface. I think the thing that the unrest has done over the past two weeks is kind of retrigger a rethink on who the attackers might be,\u201d Ellis says. \u201cThere are people in the Solarium working on the problem space. I would suspect you would see another follow up along these same lines very promptly.\u201dJonathan Reiber, senior director, cybersecurity strategy and policy at enterprise security company AttackIQ, is a big proponent of the Solarium Commission\u2019s recommendations. But Reiber, who has also served as the Department of Defense\u2019s CSO for Cyber Policy and has advised the Commission, warns that the economic crisis precipitated by the pandemic won\u2019t leave enough government resources to tackle the commission\u2019s many recommendations. \u201cWe\u2019re now going to head into a period of severe budgetary drawdowns for a significant period. The government won\u2019t feel it for about eight months or so,\u201d he tells CSO. \u201cSo, rather than try to achieve everything in the recommendations, they need to focus on a few.\u201dOne top priority should be to increase public-private partnerships, Reiber recommended. \u201cPublic-private partnerships can enhance visibility to counter and blunt incoming attacks and do it at no cost to the government.\u201dAnother critical priority in Reiber\u2019s view is to promote key leaders within the government to manage high-impact projects. \u201cIn the white paper, they talk about expanding the Cybersecurity Infrastructure and Security Agency [CISA] under DHS. That agency is really important, but I think that promoting and enabling an expert within the White House to serve as a national cybersecurity coordinator, I would definitely propose that right now.\u201dFor now, congress is beginning to mark up the fiscal 2021 National Defense Authorization Act (NDAA), which will likely contain some of the many recommendations put forth by the Solarium Commission. However, it\u2019s unclear which proposals will make the cut. The full Senate Armed Services Committee markup is slated for Wednesday, and the House is expected to take up the 2021 NDAA later this month.