In an ideal world, our cyber ecosystem would naturally present hurdles to adversaries who do us harm. Our devices and networks would proactively block or prevent attacks. The people and organizations who plug into the network for their day-to-day lives would follow best practices for managing their risk. We could trust that suppliers of our technology and services were uncompromised. But this is not how things work today. Today, our hardware and software are rife with known and unknown security flaws. Security policies and processes in our businesses are ill-informed by robust metrics and underdeveloped. Supply chains present key weaknesses for adversaries to compromise. In short, vulnerability pervades the cyber ecosystem—the people, processes, and technology—that underpins much of our government, economy, and day-to-day life. The Commission’s recommendations to “Reshape the Cyber Ecosystem toward Greater Security” seek to change that status quo.