The latest U.S. Cyberspace Solarium Commission (CSC) report, released this week, warned of “an unprecedented setback” in the United States’ ability to protect itself from threats, particularly due to reported budget and personnel cuts across key agencies like the Cybersecurity and Infrastructure Security Agency (CISA).

The commission was established by Congress in 2019 to develop a strategy for bolstering U.S. defenses against “cyberattacks of significant consequences.” In 2020, the commission released 82 recommendations for increasing the nation’s resilience, which have been used over the past five years as a benchmark to measure progress.

Previous years have revealed varying levels of progress toward the recommendations, which encompass legislative, regulatory, and executive actions across several key areas, from private sector collaboration efforts to the promotion of national resilience. However, this past year, the report found that 35 percent of the 82 recommendations were fully implemented, down from 48 percent last year.

“For the first time, there has been a substantial reversal of the advances made in previous years,” according to an overview of the report by the Foundation for Defense of Democracies (FDD), which houses the CSC 2.0, an initiative to continue the work of the Cyberspace Solarium Commission.

Progress over the years. Source: FDD

The FDD said that historically, personnel turnover and shifts in priorities during presidential transitions have hindered cybersecurity progress. However, the recent personnel impacts to critical federal security agencies have “further eroded momentum.”

“This year’s assessment makes clear that technology is evolving faster than federal efforts to secure it,” according to Jiwon Ma, CCTI senior policy analyst with the FDD, and Mark Montgomery, CCTI senior director and senior fellow at the FDD, in an overview of the report. “Meanwhile, cuts to cyber diplomacy and science programs and the absence of stable leadership at key agencies like the Cybersecurity and Infrastructure Agency (CISA), the State Department, and the Department of Commerce have further eroded momentum.”

Here are some examples of recommendations that were previously considered “fully implemented,” which no longer hold that status:

  • Strengthen the Cybersecurity and Infrastructure Security Agency
  • Codify and strengthen the cyber threat intelligence integration center
  • Diversify and strengthen the federal cyberspace workforce
  • Strengthen norms of responsible state behavior in cyberspace 
  • Improve cyber capacity building and consolidate the funding of cyber foreign assistance
  • Commit significant and consistent funding toward research and development in emerging technologies

The report made several key recommendations to help improve U.S. cyber defense efforts going forward. These included strengthening the key authorities and agencies involved in providing security resources and shaping strategies for government agencies.

The CSC report suggested elevating the role of the Office of the National Cyber Director (particularly in an effort to unify and align fragmented regulatory cyber oversight initiatives), and restoring the workforce and funding for the State Department and for CISA, which has been significantly impacted by budget and personnel cuts.

“The administration should develop a plan of action and restore staffing and budget levels, with the goal of establishing and reinforcing CISA’s role as national coordinator for the security and resilience of critical infrastructure. Congress should provide multiyear funding stability to prevent further erosion of capacity,” according to the CSC report. “Empowering CISA strengthens the administration’s hand in deterring adversaries and demonstrates visible leadership in keeping the country safe.”

Additionally, the CSC report recommended that the government restore support for public collaboration efforts, particularly pointing to a recent decision to eliminate the Critical Infrastructure Partnership Advisory Council (CIPAC), which has aimed to improve information sharing between the government and private-public sector partners. 

“If the Department of Homeland Security (DHS) fails to immediately reinstate CIPAC, Congress should intervene to restore clear legal protections for industry-government dialogue,” according to the report. “Congress should also pass a long-term reauthorization of existing cybersecurity information sharing protections.”