National Cybersecurity Strategy: Top Takeaways

Watch Now: "White House Cybersecurity Briefing - Top Takeaways for Cybersecurity Pros", a LinkedIn Live Event featuring Jack Roehrig, Crystal Poenish, and Richard Stiennon.

(Note: this event was Live on March 9th, 2023 on LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:7039011768160980992)

The goal of the National Cybersecurity Initiative, announced in March 2023, is to make “fundamental changes to the underlying dynamics of the digital ecosystem,” primarily the Internet, to make it more “inherently defensible, resilient, and aligned with our values.” The United States Government wants to shift the advantage to the defenders, while making it more difficult and costly to engage in criminal activities.

The digital ecosystem needs to support national initiatives to build a smart grid for renewable energy, improve IoT (Internet of Things) safety for consumer goods and industrial controls, including for essential infrastructure, and enable “real-time global collaboration leveraging vast amounts of data and computing power that will unlock scientific discoveries and other public goods of which we cannot yet conceive.”

The current state of our digital ecosystems presents challenges, such as deepening digital dependencies, increased software and systems complexity, and global interconnectivity. The result is cyberattacks can spill over and create waterfall effects with a large scope of damage.

Threat actors used to be merely a nuisance, but now they have evolved into sophisticated and powerful organized crime groups, including nation states, seeking to do harm to the United States and its allies. The tools and services used by these threat actors are widely available and are regularly used to facilitate cyberattacks against the U.S., resulting in economic loss as well as threatening civilian access to critical services such as food, medical care and utilities.

To improve our defenses and change the underlying dynamics of the digital ecosystem to be “inherently defensible, resilient, and aligned with U.S. values” the 2023 National Cybersecurity Strategy is focused on the following five pillars:

1. Defend Critical Infrastructure
2. Disrupt and Dismantle Threat Actors
3. Shape Market Forces to Drive Security and Resilience
4. Invest in a Resilient Future
5. Forge International Partnerships to Pursue Shared Goals.

Implementation of the new strategy will involve “two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace.”

1. Rebalance the responsibility to defend cyberspace: Take the burden off end users and shift the responsibility to the “owners and operators of the systems that hold our data and make our society function.”
2. Realign incentives to favor long-term investments: The federal government will focus on investing in renewing infrastructure, supply chains, cryptographic technologies, as well as incentivize private and public organizations who demonstrate good stewardship of our digital ecosystem.

References

FACT SHEET: Biden-⁠Harris Administration Announces National Cybersecurity Strategy

https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

FULL STRATEGY: National Cybersecurity Strategy, March 2023

https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf

Read more from Jack Roehrig here: https://medium.com/@sirjackery/the-us-national-cybersecurity-strategy-takeaways-for-security-pros-bd807bc120bb