In today’s world, cyber threats are becoming increasingly frequent and complex, with the potential to cause significant damage to individuals, organizations, and even nations. To tackle this growing problem, the US government has developed a National Cybersecurity Strategy that outlines a comprehensive approach to defend against cyber threats. In this article, we will break down the critical points of this strategy. Let’s get started!
What is National Cybersecurity Strategy?
The National Cybersecurity Strategy is a comprehensive approach developed by the US government to defend against cyber threats. It outlines the government’s vision for securing cyberspace to protect national security, public safety, and economic prosperity. The strategy identifies the most significant threats to US cyberspace and proposes five pillars to address them.
The National Cybersecurity Strategy recognizes that cyber threats come from various actors, including nation-states, criminal syndicates, and individuals. The strategy identifies China, Russia, Iran, North Korea, and criminal syndicates as the most significant threat actors. These actors use various techniques to target individuals and organizations, including phishing, malware, and ransomware.
The National Cybersecurity Strategy proposes a comprehensive approach to defend against cyber threats. The approach comprises five pillars, two fundamental shifts, and an implementation plan.
The Five Pillars National Cybersecurity Strategy
The five pillars of the national cybersecurity strategy are as follows:
- Defend critical infrastructure: The government aims to operationalize an enduring and influential collective defense model that equitably distributes risk and responsibility.
- Disrupt and dismantle threat actors: The government aims to disrupt and dismantle malicious cyber actors by leveraging the full range of tools and authorities.
- Shape Market Forces to Drive Security and Resilience: The government aims to incentivize the private sector to prioritize cybersecurity and build security by design.
- Invest in a Resilient Future: The government aims to invest in research and development to build a more secure and resilient digital ecosystem.
- Forge International Partnerships to Pursue Goals: The government aims to build coalitions with allies and partners to reinforce global norms of responsible state behavior and secure global supply chains for information, communications, and operational technology products and services.
Cybersecurity Strategy: The Two Fundamental Shifts
The National Cybersecurity Strategy proposes two fundamental shifts in the approach to cybersecurity:
- Rebalance the Responsibility to Defend Cyberspace
- Realign Incentives to Favor Long-Term Investments
Cybersecurity Strategy: Defending the Critical Infrastructure
The critical infrastructure of the United States, such as energy grids, transportation systems, and financial institutions, is vulnerable to cyber attacks that could cause significant harm to national security and public safety. To mitigate this threat, the Biden administration has identified five key actions to defend critical infrastructure.
1. Establish Cybersecurity Regulations
This approach will:
- Establish cybersecurity regulations to secure Critical Infrastructure
- Harmonize and Streamline New and Existing Regulations.
- Enable Regulated Entities to Afford Security
2. Scale Public-Private Collaboration
The administration believes public-private collaboration is critical to defending critical infrastructure. Therefore, the administration will scale public-private collaboration efforts by:
- Developing new models for information sharing and collaboration between government and industry
- Providing cybersecurity training and technical assistance to small and medium-sized businesses
- Encouraging the adoption of best practices and standards across all sectors
3. Integrate Federal Cybersecurity Centers
The administration will integrate federal cybersecurity centers to enhance coordination and collaboration across the government. This will include consolidating and modernizing existing centers, such as the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity and Communications Integration Center (NCCIC).
4. Update Federal Incident Response Plans and Processes
The administration will update federal incident response plans and processes to ensure they are effective, efficient, and coordinated.
5. Modernize Federal Defenses
By modernizing federal defenses, the Biden administration will:
- Collectively Defend Civilian Agencies
- Modernize Federal Systems,
- Defend National Security Systems
Disrupting and Dismantling Threat Actors
To combat cyber threats effectively, the Biden administration aims to disrupt and dismantle threat actors through federal disruption activities and public-private collaboration. Here are some of them:
- Integrate federal disruption activities.
- Enhance public-private operational collaboration to disrupt adversaries.
- Increase the speed and scale of intelligence sharing and victim notification.
- Prevent abuse of U.S.-based infrastructure. This means that federal agencies should work to identify and address vulnerabilities in critical infrastructure that threat actors could exploit.
- Counter cybercrime, and defeat ransomware through law enforcement agencies and cybersecurity professionals.
Shaping Market Forces to Drive Security and Resilience
To achieve a more secure and resilient cyberspace, the Biden administration aims to:
- Hold the data stewards responsible.
- Drive the development of secure IoT devices.
- Shift liability for insecure software products and services.
- Use federal grants and other incentives to build security.
- Leverage federal procurement to improve accountability.
- Explore a federal cyber insurance backstop.
Investing in a Resilient Future
The Biden administration recognizes the importance of investing in a resilient future for cybersecurity. The following are key areas of focus:
- Securing the technical foundation of the internet,
- Reinvigorating Federal Research and Development for Cybersecurity
- Preparing for our post-quantum future
- Securing our clean energy future
- Support the development of a digital identity ecosystem
- Develop a national strategy to strengthen our cyber workforce
Forging International Partnerships to Pursue Goals
In an interconnected world, international collaboration is crucial to protect against global cybersecurity threats. The Biden Administration recognizes this and has made it a priority to forge strong partnerships with other countries to pursue common goals in cybersecurity. Here are the focus arrears:
- Building coalitions to counter threats to our digital ecosystem
- Strengthening international partner capacity
- Build Coalitions to Reinforce Global Norms of Responsible State Behavior
- Secure Global Supply Chains for Information, Communications, and Operational Technology Products and Services
Cybersecurity Strategy: Implementation of The National Executive Order
To ensure the effectiveness of the Cybersecurity Executive Order, the government will regularly assess its progress toward achieving its goals and evaluate the impact of its investments. The government will also work to incorporate lessons learned from previous cyber incidents into the strategy’s implementation.
Regulators are encouraged to build incident review processes into their regulatory frameworks. Maintaining an open, free, global, interoperable, reliable, and secure internet and building a more defensible and resilient digital ecosystem will require generational investments by the Federal Government, allies and partners, and the private sector.
To guide this investment, ONCD and OMB will jointly issue annual guidance on cybersecurity budget priorities to departments and agencies to further the Administration’s strategic approach_._
Will Your Organization be Impacted by New Federal Regulations?
Agile IT has broad experience in pro-actively driving our customers to meet exacting industry and government regulations, from privacy and oversight to cybersecurity and data governance. We are a Microsoft Azure Government and Government Community Cloud (GCC and GCC High) experts, and can help you assure that your organization is ready for any regulatory challenge. To find out how we can help, contact us today.