The Cyberspace Solarium Commission (CSC), a congressionally mandated body designed to review the U.S. government’s cybersecurity progress, released a landmark report in 2020 that offered concrete recommendations to bolster cybersecurity policy and build a more resilient nation. 

Since then, both the executive and legislative branches have taken significant strides in advancing U.S. cybersecurity. From establishing the Office of the National Cyber Director, to creating the State Department’s Bureau of Cyberspace and Digital Policy, to issuing a National Cyber Strategy, there are countless initiatives and efforts we can point to that check the boxes and indicate productive change.

But have these efforts been enough? Where are the U.S. government’s shortfalls?

The recently released CSC progress report, which details which recommendations have been implemented and which haven’t, acknowledges that without the efforts that have been made, the country would not be as advanced, resilient, or capable. More work, however, needs to be done.

The report breaks down the status of its recommendations as follows:

  • 116 of 42 are considered fully implemented
  • 36 are nearing implementation
  • 26 are considered to be on track to completion on some level
  • 11 recommendations show limited progress

Among the suggestions that haven’t been successful are:

  • Establishing a five-year term for the CISA director
  • Establishing a Bureau of Cyber Statistics
  • Passing a national breach notification law
  • Re-establishing the Congressional Office of Technology Assessment and more

Notably, only one recommendation is seen as facing “significant barriers” and that is the creation of a House Permanent Select and a Senate Select Committee on Cybersecurity. The report notes that “significant pushback” against the creation of this committee continues for the third year, but there is drafted legislative language in case an emergency occurs that “might create the political impetus to overcome existing barriers.”

Overall, the report demonstrates that cybersecurity is a policy domain where leaders from both sides of the aisle can cross party lines and collaborate to create bipartisan wins. Despite political agendas and disputes, cybersecurity must remain an ongoing priority.

For lasting success, these recommendations should not be treated as mere checkboxes, but should instead be accompanied by intentional implementation, coupled with the necessary resources and partnerships to strengthen U.S. cybersecurity. As our adversaries persist in their efforts to gain an advantage, it’s more important than ever that the legislative and executive branches unite, prioritize, and take decisive action to safeguard the nation's digital defenses and secure our future in the interconnected world of cybersecurity.

Tanvi Chopra
