The congressional commission charged with bolstering U.S. cyber defenses has already seen plenty of its recommendations realized: the appointment of a national cyber director, increased CISA funding and a State Department cyber ambassador.
And a new report released Wednesday shows the Cyberspace Solarium Commission is on track to have 85% of all of its recommendations implemented with the remaining either facing some hurdles or “significant barriers.”
The commission progress report shows that nearly 60% of its original 82 recommendations have been fully or nearly implemented and more than 25% are on track to be realized. Apart from the progress, however, the momentum driving the initial completion of so many solarium-recommended initiatives first announced in March 2020 appears to have slowed, raising questions about whether all the recommendations will be put in place.
The commission’s original wish list of recommendations resulted from months of research during which time a team of industry and government experts along with lawmakers sought ideas and tactics for how to strengthen America’s digital resilience.
Last August, the CSC announced 75% of the original 82 recommendations (there are now 116 in total) had either been implemented or were on track to be implemented.
Solarium recommendations for how to bolster public-private partnerships and strengthen the government’s overall cyber ecosystem have gotten less traction than those in other areas, said former Cyberspace Solarium Commission Executive Director Mark Montgomery.
The commission recommended the establishment of a National Cybersecurity Certification and Labeling Authority, one example of an ecosystem-wide reform that hasn’t been implemented. Montgomery said he is particularly focused on pushing forward a proposal for what he and solarium commissioners see as an urgently needed Bureau of Cyber Statistics.
“We’re in the middle of the story here and we have a lot more to do,” Montgomery told CyberScoop. “Each year as you get away from the [original] report, we will get less and less done. And the question is, do we get enough done in the next two years to make a big difference?”
The latest cyber solarium report is a signal the U.S. “must remain laser-focused on not only enacting additional recommendations — such as codifying ‘Systemically Important Critical Infrastructure’ in this year’s NDAA (National Defense Authorization Act) — but also ensuring that these recommendations are implemented as efficiently as possible,” solarium co-chair Mike Gallagher, R-Wis., said in a statement to CyberScoop.