In our latest Distilling Cyber Policy podcast episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Mark Montgomery, Senior Director and Senior Fellow at the Foundation for the Defense of Democracies (FDD). At FDD, Mark leads CSC 2.0, an initiative that works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he served as executive director. 

The discussion began with a brief history of the Cyberspace Solarium Commission and its March 2020 report, which led to significant executive and legislative action to improve cybersecurity in the U.S. More than 70% of the report’s 82 recommendations have been or are undergoing implementation, with noteworthy successes including the release of the National Cybersecurity Strategy and the associated Implementation Strategy, the National Cyber Workforce and Education Strategy, and the creation of the Bureau of Cyberspace and Digital Policy at State - amongst others. 

Mark notes that while CSC 2.0 was set up to continue tackling the report’s recommendations, they are now generating new white papers and recommendations focused on oft-neglected sectors like water utilities and healthcare, especially in rural areas across the U.S. 

Jen and Alex highlight the importance of legislative support in enacting cybersecurity policy in the U.S., and query whether the departures of former Rep. Jim Lanegvin - who joined us for an episode in Season 1 - and soon-to-be-former Rep. Mike Rogers (R-AL) will hinder progress. 

Mark reassures our hosts by highlighting a number of other leading Congressional voices working on important cybersecurity issues, including Sen. Jacky Rosen (D-NV), Sen. Mike Rounds (R-SD), Sen. Gary Peters (D-MI), Rep. Andrew Garbarino (R-NY) and Rep. Chrissy Houlahan (D-PA). We thank them for their continued work on cyber issues, and if they would ever like to join us on the podcast to talk about an important cyber policy issue, they have an open invitation! 

In addition, this week’s episode features a selection of recent cyber news, including:

  • The release of NIST’s CSF 2.0, the long-awaited update to one of the most influential and widely adopted cybersecurity frameworks in the world.    
  • The launch of two public consultations from the UK Government
  • The first is seeking input and evidence on cybersecurity and economic growth.
  • The second one is form the UK Home Office and seeks input from technology companies on the cyber duty to protect, focusing on the areas of i) reducing unauthorized access through improving security of account login processes; ii) hardening data held by providers to mitigate the risks of data breaches and; iii) reducing the presence of malicious websites/servers through voluntary interventions by Internet Infrastructure Providers (IIPs). 

Finally, our Mystery Trivia Master is the fantastic Tatyana Bolton, current Security Policy Manager at Google and former Senior Policy Director at the Cyberspace Solarium Commission. 

Check out the newest Distilling Cyber Policy episode on Spotify, Apple, or Google. As always, if you would like to submit cyber policy trivia, or have topic ideas for upcoming episodes, please email

Ines Jordan-Zoob

Read Next

Research Needed for the Good and Bad AI Cybersecurity Use Cases

When implemented properly, artificial intelligence is a vital tool for cybersecurity but more public research is essential to understand and monitor a diverse array of AI systems and their potential – for good and bad.

CISA Promotes Secure by Design Principles with Industry Pledge

CISA announced its “Secure by Design Pledge,” a voluntary commitment by software manufacturers to work towards implementing several cybersecurity best practices.

Center for Cybersecurity Policy and Law Launches Fellowship Program with Two Inaugural Cybersecurity Fellows

Donna Dodson and Mark Bohannon have been named the inaugural fellows for Center for Cybersecurity Policy and Law.