Several cybersecurity proposals are advancing in both the US House and Senate that flow from the prolific work of the public-private brainstorming initiative called the Cyberspace Solarium Commission. The Commission was formed in 2019 to break through the seemingly intractable barriers blocking the path to devising and implementing practical solutions to the most challenging cybersecurity problems.

The vehicle through which the commission hopes to enact several dozen of its legislative recommendations (out of 75 recommendations included in its inaugural report this past spring) is the National Defense Authorization Act (NDAA), an annual “must-pass” federal law that sets the budget and expenditures for the US military. The commission’s executive director Mark Montgomery estimated earlier this month that each chamber’s bills would feature eight to 20 of the commission’s recommendations.

On the House side, members voted on at least 11 amendments to the NDAA related to the Solarium Commission, including a study on the cybersecurity insurance market and expanded use of the DMARC (Domain-based Message Authentication, Reporting, and Conformance) security standard among email providers.
The House also approved an amendment to create a National Cyber Director, strengthen CISA authorities, and set a five-year term for CISA director, among other provisions that originate from the commission’s recommendations.

The Senate version of the NDAA, passed last Thursday, features at least a dozen amendments “advancing the Department of Defense’s cybersecurity strategy, including implementing recommendations from the Cyberspace Solarium Commission.” The speed with which the Solarium Commission has managed to turn its recommendations, which only emerged in March, into actual legislation is rare on Capitol Hill and even more rare for a thorny, complex topic such as cybersecurity.

Will budgetary concerns hamper cybersecurity legislation?

The crumbling US economy and continued political strife may limit funding of all but the most mandatory congressional initiatives. In terms of which commission recommendations should be given priority given the likely looming budget constraints, “I would say the assistant secretary position at the State Department as well as the bureau that was under that person” is top of the list, Cyberspace Solarium Commission member Congressman Jim Langevin (D-RI) tells CSO.

The State Department had until recently an office of international cybersecurity policy headed by diplomat Christopher Painter, a resource that the White House eliminated early in the administration. “Cyber is not just a US problem; it’s an international problem,” Langevin says. “We need to build cyber norms and enforce those cyber norms.”

The other Solarium proposals that rate high on Langevin’s priority list include establishing a national risk management cycle and clarifying the roles of sector risk management agencies along with maintaining a continued focus on IT modernization and cloud migration.
“It’s something we’ve seen in the time of COVID. We are acutely aware that many states have antiquated IT infrastructure. It’s difficult to update, modernize, and defend in the event of cyberattacks. You want to incentivize companies to move their data to the cloud,” he says.

Some experts are optimistic that most of the current Solarium-related legislative proposals will make it into the NDAA. “I think at the end of the day a lot of the recommendations of the commission will make it into the NDAA,” Jamil Jaffer, consultant to the commission, executive director of the National Security Institute and a senior vice president at IronNet Cybersecurity, tells CSO. “A lot of the stuff about DOD and CISA, stuff about strengthening authorities, is likely to get in just because most of it is like motherhood and apple pie,” he says. “There are a lot of pieces that are fairly straightforward.”

Some of the more challenging Solarium Commission recommendations could meet with resistance. “The real question is, what about the bigger pieces? What about the national cyber director? What about the joint collaborative environment?” Jaffer says. (The joint collaborative environment is a cloud platform that shares threat information across the federal government and the private sector.)

Collective defense a “game-changing piece”

Another idea advanced by the Solarium Commission, and most notably promoted by Jaffer’s boss at IronNet, General (Ret) Keith B. Alexander, former head of both NSA and Cyber Command, is the notion of “collective defense,” which involves both public and private organizations working together.

“The provisions on collective defense is really one of the game-changing pieces,” Jaffer says. “No single company standing alone can possibly be expected to defend themselves against nation-state attackers.
It’s an unwinnable fight.”

Regarding how the Solarium Commission has managed to be so successful turning its recommendations into legislative reality, “the genius is in how it’s structured,” Jaffer says. “They picked people who other members of the House and Senate would listen to. Then they picked just a bunch of rock star outside experts. What’s amazing is that they were able to get consensus on all these things.”

Now that both the House and Senate have passed their versions of the NDAA, congressional negotiators will take several weeks to hammer out the differences between the two bills. At that point, it will become clearer just how many of the Solarium Commission’s recommendations survive.

One wrinkle in both the process and timing of the bill is President Trump. He has threatened to veto the NDAA unless the provisions in both bills that call for renaming military bases currently named after confederate generals are eliminated. The House passed the NDAA by a vote of 295 to 125, while the Republican-dominated Senate overwhelmingly voted 86 to 14 in favor of their text. If Trump were to veto the final bill, these margins suggest that Congress would likely override his veto, which would be the first such rejection of the Trump administration.