The Cyberspace Solarium Commission (CSC), a congressionally mandated body designed to review the U.S. government’s cybersecurity progress, released a landmark report in 2020 that offered concrete recommendations to bolster cybersecurity policy and build a more resilient nation. 

Since then, both the executive and legislative branches have taken significant strides in advancing U.S. cybersecurity. From establishing the Office of the National Cyber Director, creating the State Department’s Bureau of Cyberspace and Digital Policy to issuing a National Cyber Strategy, there are countless initiatives and efforts we can point to that check the boxes and indicate productive change.

But, have these efforts been enough? Where are the U.S. government’s shortfalls?

In the recently released CSC progress report detailing which recommendations have been implemented and which haven’t, the report acknowledges that without the efforts that have been made, the country would not be as advanced, resilient, or capable. More work, however, needs to be done.

In detailing the report’s recommendations:

  • 116 of 42 are considered fully implemented
  • 36 are nearing implementation
  • 26 are considered to be on track to completion on some level, 
  • 11 recommendations show limited progress

Among the suggestions that haven’t been successful include:

  • Establishing a five-year term for the CISA director
  • Establishing a Bureau of Cyber Statistics
  • Passing a national breach notification law
  • Re-establishing the Congressional Office of Technology Assessment and more

Notably, only one recommendation is seen as facing “significant barriers” and that is the creation of a House Permanent Select and a Senate Select Committee on Cybersecurity. The report notes that “significant pushback” against the creation of this committee continues for the third year, but there is drafted legislative language in case an emergency occurs that “might create the political impetus to overcome existing barriers.”

Overall, the report demonstrates that cybersecurity is a policy domain where leaders from both sides of the aisle can cross party lines and collaborate to create bipartisan wins. Despite political agendas and disputes, it must remain an ongoing priority. 

For lasting success, these recommendations should not be treated as mere checkboxes, but should instead be accompanied by intentional implementation, coupled with the necessary resources and partnerships to strengthen U.S. cybersecurity. As our adversaries persist in their efforts to gain an advantage, it’s more important than ever that the legislative and executive branches unite, prioritize, and take decisive action to safeguard the nation's digital defenses and secure our future in the interconnected world of cybersecurity.

Tanvi Chopra

Read Next

The Clock’s Ticking: Why CISA 2015 Must Be Renewed Now

As the September 2025 expiration of CISA 2015 looms, Congress faces a critical decision that will shape the future of national cyber defense. At a time when the U.S. is under near constant cyber attacks, government and industry need to share intel.

Cybersecurity Coalition, CR2 Comment on EU Cybersecurity Act Revision Consultation

The Cybersecurity Coalition and the Coalition to Reduce Cyber Risk submitted comments to the European Union Directorate-General for Communications Networks, Content and Technology’s open consultation on revisions to the Cybersecurity Act.

New Cybersecurity Executive Order, Same Mission: Protecting America's Digital Infrastructure

Since taking office speculation has swirled on what President Trump would do on cybersecurity. A new EO upholds previous messaging and underscores that cybersecurity isn't a partisan battle; it demands nonpartisan solutions to protect the nation.