New Solarium report highlights policy strides, funding stumbling blocks

Much of the Cyberspace Solarium Commission's recommendations are "on track" to being implemented, but funding issues loom for some.


More than a year after their release, the vast majority of the Cyberspace Solarium Commission's recommendations are on track to being implemented. But even with legislative fixes in place or in process, lack of funding could potentially undermine some efforts, such as improving the federal government's cyber workforce, according to a recent report.

On Aug. 12, the commission released a 56-page progress report that tracks and analyzes the implementation status of the commission's 82 recommendations released last year.

So far, only about 5% of its recommendations faced significant barriers to full implementation, while 44% are on track and 14% are nearing implementation, according to the report. About a quarter, 22%, of the commission's 82 recommendations have been fully implemented since the release of its report in 2020 -- many of which were pushed through the 2021 National Defense Authorization Act.

"Authorizing an activity doesn't do much good without funding behind it. And as we watch the budget process this year, there's a lot still up in the air on this one, especially with respect to activities that were just passed this last January in the National Defense Authorization Act," Laura Bate, the commission's senior director, said during an Aug. 12 virtual event for the release of the report.

Bate said "barriers" and "limited progress" don't necessarily mean the recommendation is dead, but rather that timing is off and "momentum" is needed from the larger community.

Bate said some of those funding delays were expected as part of the legislative, such as those recommendations that were authorized in the 2021 NDAA. However, some areas didn't receive any proposed funding for fiscal 2022.

For example, while the Cybersecurity and Infrastructure Security Agency is poised to get funding bumps in fiscal 2022, there are some constraints in other areas, particularly with workforce initiatives.

Bate said a CISA program called the Cybersecurity Education and Training Assistance Program was "zeroed out" of the agency's budget request. The same thing happened with the Cybersecurity Workforce Development Program authorized at the National Institute of Standards and Technology as part of the 2021 NDAA.

"The president's budget doesn't ask for any money for it. And actually looking at [the National Institute of Standards and Technology] more generally. They're really due to be a busy office, not just because of our recommendations, but also in light of the executive order on improving the nation's cybersecurity there's a lot of work tied to them in there. And so far we haven't really seen particularly significant increases to their cybersecurity and privacy budget," Bate said.

"So some really big funding priorities remain to make sure that implemented recommendations are actually successful."

The report named the recommended reestablishment of the Office of Technology Assessment in Congress, with funding requests around $6 million, and bolstering the Cyber Threat Intelligence Integration Center and FBI's Cyber Mission and National Cyber Investigative Joint Task Force as needing appropriations as part of structural government reform efforts.

Funds are also needed to improve cyber tools for international law enforcement, support the Election Assistance Commission and build a national resilience against foreign, malicious information operations.

Sen. Angus King (I-Maine), commission co-chair, said establishing the national cyber director was one of the commission's most important accomplishments, but there is more left to do.

"There's a lot of work left to be done and this job will never be fully completed because there are always going to be malevolent actors out there," King said.

"And our job now is to be sure that we keep after Jen Easterly [the CISA director], and Chris Inglis [the national cyber director], and Anne Neuberger [the deputy national security advisor for cyber and emerging technologies] and all those others who are, who are on the frontlines and give them the support and authorities that they need to protect the country."