In our latest Distilling Cyber Policy podcast episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Mark Montgomery, Senior Director and Senior Fellow at the Foundation for the Defense of Democracies (FDD). At FDD, Mark leads CSC 2.0, an initiative that works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he served as executive director. 

The discussion began with a brief history of the Cyberspace Solarium Commission and its March 2020 report, which led to significant executive and legislative action to improve cybersecurity in the U.S. More than 70% of the report’s 82 recommendations have been or are undergoing implementation, with noteworthy successes including the release of the National Cybersecurity Strategy and the associated Implementation Strategy, the National Cyber Workforce and Education Strategy, and the creation of the Bureau of Cyberspace and Digital Policy at State - amongst others. 

Mark notes that while CSC 2.0 was set up to continue tackling the report’s recommendations, they are now generating new white papers and recommendations focused on oft-neglected sectors like water utilities and healthcare, especially in rural areas across the U.S. 

Jen and Alex highlight the importance of legislative support in enacting cybersecurity policy in the U.S., and query whether the departures of former Rep. Jim Lanegvin - who joined us for an episode in Season 1 - and soon-to-be-former Rep. Mike Rogers (R-AL) will hinder progress. 

Mark reassures our hosts by highlighting a number of other leading Congressional voices working on important cybersecurity issues, including Sen. Jacky Rosen (D-NV), Sen. Mike Rounds (R-SD), Sen. Gary Peters (D-MI), Rep. Andrew Garbarino (R-NY) and Rep. Chrissy Houlahan (D-PA). We thank them for their continued work on cyber issues, and if they would ever like to join us on the podcast to talk about an important cyber policy issue, they have an open invitation! 

In addition, this week’s episode features a selection of recent cyber news, including:

  • The release of NIST’s CSF 2.0, the long-awaited update to one of the most influential and widely adopted cybersecurity frameworks in the world.    
  • The launch of two public consultations from the UK Government
  • The first is seeking input and evidence on cybersecurity and economic growth.
  • The second one is form the UK Home Office and seeks input from technology companies on the cyber duty to protect, focusing on the areas of i) reducing unauthorized access through improving security of account login processes; ii) hardening data held by providers to mitigate the risks of data breaches and; iii) reducing the presence of malicious websites/servers through voluntary interventions by Internet Infrastructure Providers (IIPs). 

Finally, our Mystery Trivia Master is the fantastic Tatyana Bolton, current Security Policy Manager at Google and former Senior Policy Director at the Cyberspace Solarium Commission. 

Check out the newest Distilling Cyber Policy episode on Spotify, Apple, or Google. As always, if you would like to submit cyber policy trivia, or have topic ideas for upcoming episodes, please email

Ines Jordan-Zoob

Read Next

Cybersecurity Coalition Announces CyberNext Brussels

The Cybersecurity Coalition has announced the inaugural CyberNext Brussels conference taking place March 21 at the Stanhope Hotel Brussels.

EU’s Digital Markets Act Puts the Security Onus on Mobile Users

In our latest paper, we discuss the impact of the EU’s mobile app store provisions of the Digital Markets Act, which requires mobile operating systems open up more options for users to install apps, potentially also adding security threats.

Trusted App Stores: Protecting Security and Integrity

The mobile app store provisions of the DMA could undermine foundational security in the mobile phone ecosystem. The Center is concerned that a proliferation of ways to install apps will be overwhelming to users and open avenues for bad actors.