Key Report Takeaways:
- First major reversal: Only 35% of Cyberspace Solarium Commission recommendations are now fully implemented, down from 48% last year. Nearly a quarter of completed initiatives have backslid for the first time since 2020.
- CISA and diplomatic capacity gutted: Steep workforce and budget cuts at CISA and the State Department’s cyber diplomacy program are undermining national defense capabilities, while elimination of CIPAC has damaged industry-government trust.
- Workforce crisis accelerating: Changes to federal hiring and rollback of diversity programs are narrowing the cyber talent pipeline as China expands global digital influence.
- Five urgent fixes needed: Commission calls for strengthening ONCD authority, restoring CISA and State Department funding, reinstating CIPAC, and establishing consistent skills-based workforce models.
The United States is losing ground in cybersecurity for the first time in five years, with “unprecedented” backsliding threatening national resilience, according to the 2025 Annual Report on Implementation from the U.S. Cyberspace Solarium Commission (CSC 2.0), released October 22.
Stalled Progress
The assessment revealed only 35% of the Commission’s 82 recommendations are fully implemented, down from 48% in 2024. Nearly a quarter of previously completed initiatives have lost their status, the first such regression since the original 2020 Commission report outlined its “layered cyber deterrence” strategy.
“Our nation’s ability to protect itself and its allies from cyber threats is stalling and, in several areas, slipping,” the report states.
Five Critical Priorities
The Commission identified urgent actions for the Trump administration and Congress:
- Enhance ONCD Authority: The Office of the National Cyber Director (ONCD) needs formal convening power over civilian agency cyber policy, budget review authority, and a mandate to harmonize conflicting regulations. The report recommends an executive order to grant these authorities and lead efforts to update the decade-old Presidential Policy Directive 41.
- Restore CISA Capabilities: As the national coordinator for critical infrastructure security under NSM-22, the Cybersecurity and Infrastructure Agency (CISA) has suffered workforce and budget cuts that limit its ability to lead incident response and scale early warning programs. The administration should develop an action plan to restore capacity, while Congress provides multi-year funding stability.
- Rebuild Cyber Diplomacy: Restructuring has gutted the State Department’s Bureau of Cyberspace and Digital Policy (CDP), stripping resources as China expands global digital influence. The Commission urges restoring CDP personnel and creating long-term Congressional funding for ally capacity-building.
- Reinstate CIPAC: Eliminating the Critical Infrastructure Partnership Advisory Council (CIPAC) created legal uncertainty that has chilled industry-government information sharing. The Department of Homeland Security should immediately reinstate CIPAC, or Congress should intervene to restore legal protections.
- Fix Workforce Gaps: New hiring practices and rollback of diversity initiatives have narrowed the cyber talent pipeline. The report calls for consistent, skills-based hiring frameworks and expanded programs like CyberCorps to broaden recruitment.
Rising Threats Increase the Stakes
The assessment comes as adversaries exploit vulnerabilities created by weakened authorities, diminished diplomatic capacity, and workforce gaps. The Commission warns that continued erosion will compromise America’s ability to deter attacks and protect critical infrastructure.
The full report is available at the CSC 2.0 website.

