The Cyberspace Solarium Commission (CSC), a congressionally mandated body designed to review the U.S. government’s cybersecurity progress, released a landmark report in 2020 that offered concrete recommendations to bolster cybersecurity policy and build a more resilient nation.
Since then, both the executive and legislative branches have taken significant strides in advancing U.S. cybersecurity. From establishing the Office of the National Cyber Director, creating the State Department’s Bureau of Cyberspace and Digital Policy to issuing a National Cyber Strategy, there are countless initiatives and efforts we can point to that check the boxes and indicate productive change.
But, have these efforts been enough? Where are the U.S. government’s shortfalls?
In the recently released CSC progress report detailing which recommendations have been implemented and which haven’t, the report acknowledges that without the efforts that have been made, the country would not be as advanced, resilient, or capable. More work, however, needs to be done.
In detailing the report’s recommendations:
- 116 of 42 are considered fully implemented
- 36 are nearing implementation
- 26 are considered to be on track to completion on some level,
- 11 recommendations show limited progress
Among the suggestions that haven’t been successful include:
- Establishing a five-year term for the CISA director
- Establishing a Bureau of Cyber Statistics
- Passing a national breach notification law
- Re-establishing the Congressional Office of Technology Assessment and more
Notably, only one recommendation is seen as facing “significant barriers” and that is the creation of a House Permanent Select and a Senate Select Committee on Cybersecurity. The report notes that “significant pushback” against the creation of this committee continues for the third year, but there is drafted legislative language in case an emergency occurs that “might create the political impetus to overcome existing barriers.”
Overall, the report demonstrates that cybersecurity is a policy domain where leaders from both sides of the aisle can cross party lines and collaborate to create bipartisan wins. Despite political agendas and disputes, it must remain an ongoing priority.
For lasting success, these recommendations should not be treated as mere checkboxes, but should instead be accompanied by intentional implementation, coupled with the necessary resources and partnerships to strengthen U.S. cybersecurity. As our adversaries persist in their efforts to gain an advantage, it’s more important than ever that the legislative and executive branches unite, prioritize, and take decisive action to safeguard the nation's digital defenses and secure our future in the interconnected world of cybersecurity.
Read Next
CDM 2.0: Advancing Federal Cybersecurity
As federal agencies modernize IT systems, the Continuous Diagnostics and Mitigation Program must as well. This paper details recommendations on how CDM can evolve to meet new demands and threats.
Digital Evidence in Europe: Persistent Challenges, Practical Solutions
"Digital Evidence in Europe: Persistent Challenges, Practical Solutions" focuses on the transformative opportunity — and challenges ahead — presented by the EU’s upcoming e-Evidence framework.
S3 Ep 02: International Cyber Regulatory Alignment, UK Cyber Resilience
In the latest Distilling Cyber Policy podcast our hosts continue the season’s run of returning guests with a conversation featuring Irfan Hemani, discussing international cyber regulatory alignment and the growing challenge of overlapping rules.
