The Biden-Harris Administration has released its five-pronged National Cybersecurity Strategy designed to secure the digital ecosystem by putting more of the burden for cybersecurity on tech organizations and encouraging long-term investments in security.
The Administration’s vision is meant to make the country’s digital ecosystem defensible, resilient and values-aligned. The new strategy comes in the wake of several moves the Administration has already taken to help secure U.S. cyberspace, including the National Security Strategy, the Executive Order on Improving the Nation’s Cybersecurity, and several National Security memorandums that seek to improve cybersecurity for critical infrastructure and encourage Zero Trust.
According to the strategy, the biggest and most capable organizations should assume a greater share of the burden for mitigating cyber risk, taking the pressure off small businesses and local governments. Essentially, this means large tech companies and U.S. agencies should take more responsibility.
Per a White House fact sheet, the approach includes five pillars: defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future and forging international partnerships to pursue shared goals.
The national strategy calls for two fundamental shifts: moving the burden from end users onto industry and government, and incentivizing long-term investments in cybersecurity by defending current systems and investing in a future digital ecosystem that is more inherently defensible.
According to the Fact Sheet, this is the Administration’s approach:
Defend Critical Infrastructure – We will give the American people confidence in the availability and resilience of our critical infrastructure and the essential services it provides, including by:
- Expanding the use of minimum cybersecurity requirements in critical sectors to ensure national security and public safety and harmonizing regulations to reduce the burden of compliance;
- Enabling public-private collaboration at the speed and scale necessary to defend critical infrastructure and essential services; and,
- Defending and modernizing Federal networks and updating Federal incident response policy.
Disrupt and Dismantle Threat Actors – Using all instruments of national power, we will make malicious cyber actors incapable of threatening the national security or public safety of the United States, including by:
- Strategically employing all tools of national power to disrupt adversaries;
- Engaging the private sector in disruption activities through scalable mechanisms; and,
- Addressing the ransomware threat through a comprehensive Federal approach and in lockstep with our international partners.
Shape Market Forces to Drive Security and Resilience – We will place responsibility on those within our digital ecosystem that are best positioned to reduce risk and shift the consequences of poor cybersecurity away from the most vulnerable in order to make our digital ecosystem more trustworthy, including by:
- Promoting privacy and the security of personal data;
- Shifting liability for software products and services to promote secure development practices; and,
- Ensuring that Federal grant programs promote investments in new infrastructure that are secure and resilient.
Invest in a Resilient Future – Through strategic investments and coordinated, collaborative action, the United States will continue to lead the world in the innovation of secure and resilient next-generation technologies and infrastructure, including by:
- Reducing systemic technical vulnerabilities in the foundation of the Internet and across the digital ecosystem while making it more resilient against transnational digital repression;
- Prioritizing cybersecurity R&D for next-generation technologies such as postquantum encryption, digital identity solutions, and clean energy infrastructure; and,
- Developing a diverse and robust national cyber workforce.
Forge International Partnerships to Pursue Shared Goals – The United States seeks a world where responsible state behavior in cyberspace is expected and reinforced and where irresponsible behavior is isolating and costly, including by:
- Leveraging international coalitions and partnerships among like-minded nations to counter threats to our digital ecosystem through joint preparedness, response, and cost imposition;
- Increasing the capacity of our partners to defend themselves against cyber threats, both in peacetime and in crisis; and,
- Working with our allies and partners to make secure, reliable, and trustworthy global supply chains for information and communications technology and operational technology products and services.
In the strategy document, the Administration says the country must make fundamental changes to the underlying basics of the digital ecosystem and give defenders the advantage.
“This strategy will position the United States and its allies and partners to build that digital ecosystem together, making it more easily and inherently defensible, resilient and aligned with our values,” the document states. “By the end of this decisive decade, we will achieve these outcomes so we can confidently take bold leaps into a digitally enabled future that benefits us all.”