The White House released information regarding a new National Cybersecurity Strategy last week. While it’s encouraging to see the Biden-Harris Administration release the National Cybersecurity Strategy, it’s important to evaluate whether the proposed measures will truly address the growing cyber threat landscape. These were just released, and I’ve already had a few conversations about how this will be implemented. Here are the links to both the announcement and the full strategy document.
FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy | The White House
National-Cybersecurity-Strategy-2023.pdf (whitehouse.gov)
From the government’s perspective, the Strategy aims to secure a safe and secure digital ecosystem for all Americans, while also promoting economic security and prosperity, respect for human rights and fundamental freedoms, trust in our democracy and democratic institutions, and an equitable and diverse society. To achieve this vision, the government proposes five pillars of action:
- Defend critical infrastructure
- Disrupt and dismantle threat actors
- Shape market forces to drive security and resilience
- Invest in a resilient future
- Forge international partnerships to pursue shared goals
While these pillars sound promising, I’ve become curious and started looking at them from a commercial business viewpoint. Cybersecurity is no longer just an option for businesses; it’s a cost of doing business. A cyber-attack’s financial and reputational impact can be devastating, and companies must take proactive measures to protect themselves and their customers. This doesn’t require complicated cybersecurity doctrine. It does demand business attention and resources.
That being said, the government does bear some responsibility to protect its citizens from international cyber threats, particularly when those threats come from state actors. By leveraging international partnerships and coalitions, the government can work with like-minded nations to counter threats to the digital ecosystem through joint preparedness, response, and cost imposition.
To help businesses better understand the proposed measures, let’s break down the five pillars of action:
Pillar of Action | Government Viewpoint | Commercial Business Viewpoint |
---|---|---|
Defend critical infrastructure | Expand use of minimum cybersecurity requirements in critical sectors, enable public-private collaboration, and modernize Federal networks and incident response policy. | Ensure your own critical infrastructure is secure by implementing best practices for cybersecurity and collaborating with industry peers and government agencies. |
Disrupt and dismantle threat actors | Strategically employ all tools of national power to disrupt adversaries, engage the private sector in disruption activities, and address the ransomware threat through a comprehensive federal approach. | Utilize threat intelligence to proactively identify and remediate threats, implement effective incident response plans, and invest in robust cybersecurity technologies. |
Shape market forces to drive security and resilience | Promote privacy and security of personal data, shift liability for software products and services to promote secure development practices, and ensure federal grant programs promote secure and resilient infrastructure investments. | Implement secure software development practices, promote a culture of cybersecurity within your organization, and prioritize cybersecurity investments. |
Invest in a resilient future | Reduce systemic technical vulnerabilities in the foundation of the Internet and digital ecosystem, prioritize cybersecurity R&D for next-generation technologies, and develop a diverse and robust national cyber workforce. | Invest in emerging cybersecurity technologies, prioritize cybersecurity training and awareness for employees, and collaborate with industry peers and government agencies to stay ahead of emerging threats. |
Forge international partnerships to pursue shared goals | Leverage international coalitions and partnerships to counter threats through joint preparedness, response, and cost imposition, increase partner capacity to defend themselves against cyber threats, and work with allies and partners to make secure global supply chains. | Collaborate with industry peers and government agencies to share threat intelligence and best practices and prioritize cybersecurity investments to align with global security standards. |
Overall, while the government’s proposed measures are a step in the right direction, it’s essential for businesses to take proactive measures to protect themselves and their customers from the growing cyber threat landscape. By collaborating with industry peers and government agencies, investing in emerging cybersecurity technologies, and prioritizing cybersecurity training and awareness, businesses will have a better defense against cyber threats. We need the government to help secure the digital ecosystem for all Americans. The new strategy doctrine describes several benefits, though as usual, whether this triggers real improvements will be in the details and implementation.