America’s once-ambitious cyber defences are starting to rust, according to the latest annual report from the US Cyberspace Solarium Commission (CSC), which warns that policy momentum has slowed and even slipped backwards thanks to Trump-era workforce and budget cuts.
The commission’s 2025 Annual Report on Implementation finds that only 35 percent of its original 82 recommendations have been fully implemented – down from 48 percent a year ago. Another 34 percent are “nearing implementation”, and 17 percent “on track,” but this marks the first time in the body’s five-year history that the US has actually lost ground on cyber reform.
The watchdog lays much of the blame on workforce cuts and funding shortfalls at critical agencies, particularly at CISA, whose mandate to protect critical infrastructure has been “weakened by steep workforce and budget cuts.” The report says the rollback has hobbled CISA’s capacity to scale early-warning systems, partner with industry, and maintain trust with the private sector.
Diplomatic cyber capacity has also eroded, the report warns, citing deep cuts to the State Department’s science and capacity-building programs and the continued absence of a Senate-confirmed leader for its Bureau of Cyberspace and Digital Policy. Those functions were seen as vital for projecting US cyber power abroad and coordinating with allies against hostile state activity.
“The United States faces a pivotal decision point,” the commission writes. “It is up to the administration and Congress to seize this opportunity to secure the gains of the past five years; reinforce its cyber deterrence posture; and send a clear signal of capability, intent, and continuity to its adversaries.”
It warns that adversaries are innovating faster than Washington can respond, and that previous gains could quickly evaporate without renewed investment.
Among its top five priorities for the administration: restore funding and staffing for CISA, boost the clout of the Office of the National Cyber Director (ONCD), rebuild diplomatic cyber capacity, reinstate the Critical Infrastructure Partnership Advisory Council (CIPAC) to improve public-private collaboration, and expand the federal cyber talent pipeline.
That last point comes with a sharp jab at the administration’s hiring policies. The report argues that Trump’s rollback of diversity and inclusion initiatives and his introduction of “at-will” hiring mandates have narrowed the pipeline at exactly the moment when demand for skilled cyber professionals is exploding.
“The result is a growing gap in filling critical cyber positions from an already limited talent pool,” the report states.
Even more worrying, the CSC notes that “nearly a quarter of fully implemented recommendations have lost that status,” meaning some of the progress made since 2020 is already unravelling. “For the first time, there has been a substantial reversal of the advances made in previous years,” it warns.
The overall tone of the report is one of frustration mixed with urgency. Many of the original reforms are still in motion, but the pace has faltered. The commission stresses that continuity, across administrations and political divides, is essential if the US is to keep up with adversaries such as China, Russia, and Iran.
The message is clear: the cyber threats aren’t slowing down, even if Washington seems to be. ®