Just one year after Sept. 11, the National Commission on Terrorist Attacks on the United States commonly known as the 9/11 Commission, was formed to prepare an account of the circumstances surrounding the worst terrorist attack ever on U.S. soil. In 2004, the complete report laid out 41 recommendations. Many have since been implemented. However, there is still work to be done. When Director of National Intelligence James Clapper reveals the report card for the past decade today, three areas must be addressed.

First, Congressional oversight of the Department of Homeland Security should be reformed. Ten years ago the 9/11 commission recommended “unifying and strengthening congressional oversight…” but political motivations have kept congressional leadership stalling. Currently, DHS has to report to over 100 committees,subcommittees and caucuses. Proposed reform could reduce this number to six. Less time in congressional hearings is more time that DHS officials can spend actually doing their job and protecting our nation.

Furthermore, the U.S. should stop senseless security measures that are unworkable and add little value for the resources they consume. These include a national biometric exit program and a 100 percent interview requirement for all visa applicants. Such programs demand enormous investments with little return in combating terrorist travel or enforcing U.S. immigration laws. Existing tools are sufficient for tracking foreigners exiting the country and compliance with U.S. immigration laws. Visa interviews should be based on “risk,” thus focusing on classes of persons, states, and individuals of greatest concern.

Finally, the U.S. government needs a cybersecurity strategy focusing not just on technology but on a comprehensive approach. The internet has become an invaluable tool for global terrorism to spread propaganda, gather intelligence, fundraise, recruit, plan operations, and conduct cyber-criminal activities. As such, the U.S. government must have a sustained equivalent counterinsurgency strategy for cyberspace that includes collecting intelligence, integrating government and civilian action and building host-nation cybersecurity, among other components. A legislative initiative is needed that gets all the pieces exactly right, ensuring that civil liberties, privacy, and economic prosperity are maintained while securing America’s digital infrastructure.

At the same time, merely expanding federal regulatory powers is not the solution. Due to the dynamic and fast-moving nature of cybersecurity, regulation is often too slow and may actually hinder security by building a culture of mere compliance with regulations and a false sense of security against enemies who are agile, motivated and clever. To win the battle for cyberspace, cyber strategy must become much more multifaceted.

Over the past decade, progress has been made to unify and strengthen the ability of the U.S. to protect the homeland from terrorist attacks. Between September 2001 and April 2013, 53 of the 60 Islamist-inspired terrorist plots against the homeland were thwarted due in large part to the concerted efforts of U.S. law enforcement and intelligence. However, on April 15, 2013 two explosions went off at the finish line of the Boston Marathon, killing three people and injuring hundreds more. Progress has been made, but much work remains if such attacks are to be avoided in the future.