The Cyberspace Solarium Commission: A Five-Year Retrospective
When the landmark Cyberspace Solarium Commission published its first report on the state of U.S. cybersecurity five years ago, it detailed over 80 recommendations aimed at countering the growing threats to critical infrastructure. Cybercrime and nation-state attacks pose a formidable threat, making it crucial for the U.S. to bolster its cybersecurity efforts.
Ongoing Mission: CSC 2.0
Although the original bipartisan commission concluded its work in 2021, its mission continues under the CSC 2.0 project. Managed by the Center on Cyber and Technology Innovations at the Foundation for Defense of Democracies, this initiative continuously assesses security improvements and measures the federal response to identified concerns.
Declining Momentum in Cybersecurity
Over the years, the commission and its successor have published annual reports highlighting progress toward achieving the original goals. However, recent assessments indicate a troubling trend: the U.S. government appears to be regressing.
The 2025 Annual Report on Implementation, released in October, underscores how federal budget cuts, shifting priorities, and difficulties in hiring qualified tech professionals are hampering efforts against cybercrime and nation-state espionage.
Challenges Ahead
In the report’s foreword, former commission co-chairman Sen. Angus King and executive director Mark Montgomery observed, “Technology is evolving faster than federal efforts to secure it.” Cuts to cyber diplomacy and science programs, along with unstable leadership at agencies like the Cybersecurity and Infrastructure Security Agency (CISA), further impede progress.
For cybersecurity insiders, federal hiring challenges, coming at a time when private sector firms struggle to fill open roles, create a perfect storm of vulnerabilities and unanswered threats. Marcus Fowler, CEO of Darktrace Federal, articulated the sentiment succinctly: “There are massive numbers of unfilled cybersecurity roles across the United States.”
Legislative Solutions: Cyber PIVOTT Act
Recent proposals, such as the Cyber PIVOTT Act, aim to address these gaps. This legislation would offer scholarships for two-year degrees in cybersecurity for those committing to work in federal, state, local, or tribal agencies for two years. Fowler emphasized its potential to develop a skills-based talent pipeline essential for today’s economy.
He elaborated, “The recent Cyber PIVOTT Act is a critical step toward closing this gap by creating smarter workforce development pathways.”
Recommendations for Improving U.S. Cybersecurity
The 2025 CSC 2.0 report highlights several areas where immediate action can be taken by the White House and Congress:
- Increase National Cyber Director’s Authority: Strengthen oversight to ensure uniform cybersecurity policies across government agencies.
- Restore CISA’s Budget: Reverse cuts to stabilize and enhance CISA’s capabilities.
- Reinstate the State Department Bureau of Cyberspace and Diplomacy: Essential for international cybersecurity collaboration.
- Revive the Critical Infrastructure Partnership Advisory Council (CIPAC): This council facilitated communication between the government and private sector, crucial for security measures.
- Expand the Cybersecurity Talent Pool: More recruitment strategies are needed to attract skilled professionals into government roles.
While these recommendations may seem straightforward, they remain vital for the protection of the nation’s critical infrastructure. Ed Covert, vice president at Fenix24, emphasized, “Cutting the budget and federal workforce in cybersecurity risks leaving the country vulnerable to attacks.”
Staffing Challenges in Cybersecurity
Staffing levels and recruitment are growing concerns as threat actors exploit vulnerabilities in under-patched networks. Tim Mackey, head of software supply chain risk strategy at Black Duck, pointed out, “If staffing levels are reduced, automation can only help for so long.” The staffing reductions at agencies like CISA, and the discontinuation of CIPAC, contribute to a landscape where cyber defenses are weaker than they were just a year ago.
Impact of Information Flow Interruptions
Mackey also warned against interruptions in information exchange, which can enable attackers to refine their methods and repeat successful attacks. Such knowledge gaps, combined with the ongoing skills deficit in the U.S. cybersecurity workforce, complicate the ability to rebuild staffing levels.
Shifting Hiring Practices and DEI Concerns
A shift in hiring practices under the Trump administration raised concerns regarding equity and diversity in recruitment. The CSC 2.0 report noted, “The result is a growing gap in filling critical cyber positions from an already limited talent pool.” Calls for “skills-based” recruitment, while sensible, have yet to yield a consistent model that effectively addresses these issues, putting bipartisan consensus on workforce building at risk.
The Move to State-Level Cybersecurity
As federal budget cuts impact cybersecurity agencies, states are stepping up to fill the void. New York, New Mexico, and Pennsylvania have been actively enhancing their cybersecurity capabilities and recruiting talent from federal agencies like CISA.
Darren Guccione, CEO of Keeper Security, advised federal cybersecurity professionals to consider transitioning to state roles by highlighting their experience in securing critical infrastructure and public sector risk management. He noted that “many federal agencies already collaborate closely with state governments,” which allows for a smooth transition into these roles.
The landscape is challenging, but the need for skilled cybersecurity professionals has never been greater. Understanding these dynamics is crucial for those working in the field and for policymakers committed to ensuring the cybersecurity of the nation.
