Washington Needs a New Solarium Project To Counter Cyberthreats

President Eisenhower confronted the unprecedented nuclear threat of the 1950s with a novel exercise. The United States needs a similar approach to tackle today's cyber threats.

Supreme Commander of the Allied Forces and future U.S. president, General Dwight D. Eisenhower (L) with British Field Marshal Bernard Montgomery (R), his deputy commander, in an unknown location in June 1944 after Allied forces stormed the Normandy beaches.
Supreme Commander of the Allied Forces and future U.S. president, General Dwight D. Eisenhower (L) with British Field Marshal Bernard Montgomery (R), his deputy commander, in an unknown location in June 1944 after Allied forces stormed the Normandy beaches.
Supreme Commander of the Allied Forces and future U.S. president, General Dwight D. Eisenhower (L) with British Field Marshal Bernard Montgomery (R), his deputy commander, in an unknown location in June 1944 after Allied forces stormed the Normandy beaches.

Sometimes the most significant legislative measures get the least attention at the time of passage. That may be the case with the Cyberspace Solarium Commission mentioned in the National Defense Authorization Act that was passed on June 18 by the U.S. Senate. Tucked into the bill crafted and sponsored by Sen. Ben Sasse (R-Neb.), the commission may not garner many headlines, but it could galvanize a strategic paradigm shift.

If the idea survives the House-Senate conference process and gets signed into law — and we very much hope it does — it could lead to the creation of the institutions, doctrines, resources, and strategy that the United States needs desperately in the realm of cybersecurity. As New York Times national security correspondent David Sanger argued in a recent essay, the United States is woefully unprepared for the age of cyberconflict.

The perennial challenge for senior officials attempting to craft long-term strategy is not letting urgent matters crowd out important ones. In this particularly tumultuous time, just keeping pace with breaking headlines exhausts policymakers and leaves them little bandwidth for strategic reflection.

Sometimes the most significant legislative measures get the least attention at the time of passage. That may be the case with the Cyberspace Solarium Commission mentioned in the National Defense Authorization Act that was passed on June 18 by the U.S. Senate. Tucked into the bill crafted and sponsored by Sen. Ben Sasse (R-Neb.), the commission may not garner many headlines, but it could galvanize a strategic paradigm shift.

If the idea survives the House-Senate conference process and gets signed into law — and we very much hope it does — it could lead to the creation of the institutions, doctrines, resources, and strategy that the United States needs desperately in the realm of cybersecurity. As New York Times national security correspondent David Sanger argued in a recent essay, the United States is woefully unprepared for the age of cyberconflict.

The perennial challenge for senior officials attempting to craft long-term strategy is not letting urgent matters crowd out important ones. In this particularly tumultuous time, just keeping pace with breaking headlines exhausts policymakers and leaves them little bandwidth for strategic reflection.

Yet paradoxically, strategy becomes all the more important in a time of crisis. Indeed, a well-conceived set of strategic principles can serve as both ballast in turbulent waters and a lighthouse guiding the way. And when many policymakers and cyber-experts believe that the multiple low-to-midlevel cyberattacks the United States has already suffered (such as the Office of Personnel Management hack, regular Chinese and Russian efforts to penetrate U.S. national security infrastructure, and Russia’s past and ongoing interference in the U.S. political system) are a harbinger of more serious ones to come.

One of the underappreciated advantages of the United States’ structure of government lies in the capacity of Congress to generate institutional reforms that the executive branch is either unwilling or unable to undertake. Congress has a history of initiating important strategic reviews and restructurings, such as the National Security Act of 1947, the Goldwater-Nichols defense reform act of 1986, and the creation of the 9/11 Commission and the subsequent Intelligence Reform and Terrorism Prevention Act of 2004. Though each of these had its problems, each also forced the executive to undertake painful yet ultimately necessary strategic reforms that in the end strengthened U.S. national security.

If properly led and implemented, the Sasse proposal for a Cybersecurity Solarium Commission could make a similarly timely and consequential contribution to national security. The NDAA provision self-consciously draws inspiration from President Dwight D. Eisenhower’s iconic Project Solarium exercise in 1953.

Solarium divided its participants into three teams of senior experts, each with a mandate to develop and defend a new and different U.S. strategy in response to the Soviet nuclear threat, then at a parallel stage to today’s cyberthreats. At the time, the United States and the Soviet Union were far enough into the contest for its dimensions to be evident, but not so far that strategic responses were set in stone.

The nuclear threat was so new that it demanded fresh thinking about history. So too with cyberwarfare. Eisenhower was drawn to the Solarium exercise precisely because history offered little explicit guidance other than the bracing clarification that the United States was in uncharted territory. As one of us has written elsewhere:

Upon being sworn into office, Eisenhower’s assessment of the national security challenges facing his Administration emphasized the unprecedented nature of the situation. Drawing on his own extensive military experience, Eisenhower realized that never before in history had the United States been in the role of a global superpower, in a bipolar system, in a nuclear age. … The prospect of global nuclear annihilation was not the only defining feature of this ahistorical age. Never before had the United States faced the challenge of maintaining domestic economic growth simultaneously with a substantial standing military that included permanent deployments overseas.

The Soviet leader, Joseph Stalin, died a few weeks after Eisenhower took office, adding even more uncertainty to the equation. Similarly, today, there is much that is unprecedented about cyber threats. Cyber is both a domain and an instrument. Unlike nuclear weapons — which demand the mobilization of tremendous resources by a nation-state — cybertools are available to otherwise impoverished and ill-resourced nations and nonstate actors. Unlike large-scale attacks with conventional weapons from a visible enemy, cyberattacks can wreak unfathomable carnage with uncertain origins and attribution.

Unlike armaments that belong exclusively to nation-states that maintain a monopoly on the use of force, some of the most advanced cyberweapons belong to private-sector companies. Unlike weapons of mass destruction, where there are strong taboos that have inhibited large-scale use, cyberweapons are used every day by states and nonstate actors and against states and nonstate actors.

The old joke needs to be updated. Back in the day, everyone was thinking about nuclear use, but no one was doing it. Today, it seems like everyone is using cyberweapons, but not enough policymakers are thinking about them.

To be sure, there is a fair degree of strategic analysis and thinking in academia, in think tanks, and in the relevant Cabinet departments and agencies. But this thinking has not accumulated into definable strategies that have buy-in from the White House or that have aligned roles and responsibilities across department and agency lines.

There are limits to the Solarium analogy, however. Eisenhower had some clear ideas on how he wanted nuclear strategy to go, and he structured the Solarium exercise to empower him to go in those directions. Neither the Obama nor the Trump administration has gone so far down the decision path, and so this commission may prove to be an enabling and action-forcing exercise, as Congress reasserts its Article 1 constitutional responsibility to “provide for the common defense.”

The United States cannot afford to wait. It is already clear that U.S. adversaries are willing to stage attacks in the cyber domain and believe they can do so with impunity: Witness Russia’s successful deterrence of the Obama administration from retaliating in 2016.

Advanced cyber capabilities and a willingness to run risks to use them are the common features of every major national security challenge facing the United States today, whether it is Iran, North Korea, Russia, or China. As a result, cyberthreats cast a long shadow over the full range of national security and foreign-policy issues, including trade, regional conflict, terrorism, and new great power rivalries.

Americans struggled to understand the nuclear threat from the Soviet Union. In an effort to overcome bureaucratic stovepipes and to catalyze fresh thinking, Eisenhower convened the Solarium exercise to help him assess and respond to an unprecedented national security challenge. With this new provision in the Senate version of the fiscal 2019 NDAA, Sasse has given the U.S. government the opportunity to make a similar landmark assessment and response.

Peter D. Feaver is a professor of political science and public policy at Duke University, where he directs the Program in American Grand Strategy.

Will Inboden is the executive director of the William P. Clements, Jr. Center for History, Strategy, and Statecraft at the University of Texas-Austin. He also serves as an associate professor at the LBJ School of Public Affairs and as a distinguished scholar at the Robert S. Strauss Center for International Security and Law.

More from Foreign Policy

Soldiers of the P18 Gotland Regiment of the Swedish Army camouflage an armoured vehicle during a field exercise near Visby on the Swedish island of Gotland on May 17.
Soldiers of the P18 Gotland Regiment of the Swedish Army camouflage an armoured vehicle during a field exercise near Visby on the Swedish island of Gotland on May 17.

What Are Sweden and Finland Thinking?

European leaders have reassessed Russia’s intentions and are balancing against the threat that Putin poses to the territorial status quo. 

Ukrainian infantry take part in a training exercise with tanks near Dnipropetrovsk oblast, Ukraine, less than 50 miles from the front lines, on May 9.
Ukrainian infantry take part in a training exercise with tanks near Dnipropetrovsk oblast, Ukraine, less than 50 miles from the front lines, on May 9.

The Window To Expel Russia From Ukraine Is Now

Russia is digging in across the southeast.

U.S. President Joe Biden and Secretary of State Antony Blinken participate in a virtual summit with the leaders of Quadrilateral Security Dialogue countries at the White House in Washington on March 12.
U.S. President Joe Biden and Secretary of State Antony Blinken participate in a virtual summit with the leaders of Quadrilateral Security Dialogue countries at the White House in Washington on March 12.

Why China Is Paranoid About the Quad

Beijing has long lived with U.S. alliances in Asia, but a realigned India would change the game.

Members of the National Defence Training Association of Finland attend a training.
Members of the National Defence Training Association of Finland attend a training.

Finns Show Up for Conscription. Russians Dodge It.

Two seemingly similar systems produce very different militaries.