US Congress and federal agencies have been slow or unwilling to address warnings about cybersecurity, shelving recommendations that are considered high priority while investing in programs that have fallen short.

The massive cyberattack by suspected Russian hackers, disclosed in December, came after years of warnings from a watchdog group and cybersecurity experts. For instance, the Cyberspace Solarium Commission, which was created by Congress to come up with strategies to thwart sizable cyberattacks, presented a set of recommendations to Congress in March that included additional safeguards to ensure more trusted supply chains.