Eight months after President Biden signed an executive order creating the Cyber Safety Review Board, it still hasn’t been set up, the Associated Press reports. That means critical tasks haven’t been completed, including an investigation of the massive SolarWinds espionage campaign discovered more than a year ago. Russian hackers stole data from several federal agencies and private companies. Some advocates of the board say the delay could hurt national security amid growing concerns of a potential conflict with Russia over Ukraine that could involve nation-state cyberattacks. Biden’s order, signed in May, gives the board 90 days to investigate the SolarWinds hack once it’s established. There’s no timeline for creating the board itself, a job designated to Department of Homeland Security Secretary Alejandro Mayorkas.

DHS said it is far along in setting it up and anticipates a “near-term announcement,” but did not address why the process has taken so long. The Biden administration has made improving cybersecurity a top priority and taken steps to bolster defenses, but this is not the first time lawmakers have been unhappy with the pace of progress. Last year several members of Congress lawmakers complained it took the administration too long to name a national cyber director, a new position created by Congress. The federal government has undertaken reviews of the SolarWinds hack. The Government Accountability Office issued a report this month on that hack and another major hacking incident, finding that there was sometimes a slow and difficult process for sharing information between government agencies and the private sector.