Home » US Launches New National Cybersecurity Strategy

Publication date: March 10, 2023

US Launches New National Cybersecurity Strategy

Share this content

Written by Angela Polania

Angela Polania, CPA, CISM, CISA, CRISC, HITRUST, CMMC RP. Angela is the Managing Principal at Elevate and board member, and treasurer at the CIO Council of South Florida.

In 2018 the Department of Homeland Security released a 5-year strategy to provide a framework to execute their cybersecurity responsibilities. The goal was to improve national cybersecurity risk management by increasing security and resilience across government networks and critical infrastructure.

On Thursday, March 2nd, the new plan for the National Cybersecurity Strategy was released, outlining long-range goals for how individuals, government and businesses can safely operate in the digital world. While this is not an executive order, the new policy document represents a significant shift in attitude toward the highly talked about “public-private partnerships”. Many aspects of the new strategy are already in place, but others would require legislative changes posing potential challenges in the current congressional climate.

Acting National Cyber Director Kemba Walden expressed that this new strategy “fundamentally re-imagines America’s cyber social contract” and will “rebalance the responsibility for managing cyber risk onto those who are able to bear it”. It has been stressed that asking individuals, small businesses and local governments to take on the primary burden of cybersecurity “isn’t just unfair, it’s ineffective”.

Walden added “The biggest, most capable and best-positioned actors in our digital ecosystem can and should shoulder a greater share of the burden for managing cyber risks and keeping us all safe.”

The strategy outlines and builds upon the 5 pillars of cybersecurity strategy:

Pillar 1 | Defend Critical Infrastucture

  • Expanding the use of minimum cybersecurity requirements in critical sectors to ensure national security and public safety and harmonizing regulations to reduce the burden of compliance
  • Enabling public-private collaboration at the speed and scale necessary to defend critical infrastructure and essential services
  • Defending and modernizing Federal networks and updating Federal incident response policy

Pillar 2 | Disrupt and Dismantle Threat Actors

  • Strategically employing all tools of national power to disrupt adversaries
  • Engaging the private sector in disruption activities through scalable mechanisms
  • Addressing the ransomware threat through a comprehensive Federal approach and in lockstep with our international partners

Pillar 3 | Shape Market Forces to Drive Security and Resilience

  • Promoting privacy and the security of personal data
  • Shifting liability for software products and services to promote secure development practices
  • Ensuring that Federal grant programs promote investments in new infrastructure that are secure and resilient

Pillar 4 | Invest in a Resilient Future

  • Reducing systemic technical vulnerabilities in the foundation of the Internet and across the digital ecosystem while making it more resilient against transnational digital repression
  • Prioritizing cybersecurity R&D for next-generation technologies such as postquantum encryption, digital identity solutions, and clean energy infrastructure
  • Developing a diverse and robust national cyber workforce

Pillar 5 | Forge International Partnerships to Pursue Shared Goals

  • Leveraging international coalitions and partnerships among like-minded nations to counter threats to our digital ecosystem through joint preparedness, response, and cost imposition
  • Increasing the capacity of our partners to defend themselves against cyber threats, both in peacetime and in crisis
  • Working with our allies and partners to make secure, reliable, and trustworthy global supply chains for information and communications technology and operational technology products and services

The 39-page National Cybersecurity Strategy document explains that “we will make two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace. In realizing these shifts, we aspire not just to improve out defenses, but to change those underlying dynamics that currently contravene our interests.”

These two fundamental shifts are:

 “Rebalance the Responsibility to Defend Cyberspace” which will focus on “asking more of the most capable and best-positioned actors to make our digital ecosystem secure and resilient.

“Realign Incentives to Favor Long-Term Investments” which “outlines how the “Federal Government will use all tools available to reshape incentives and achieve unity of effort in a collaborative, equitable, and mutually beneficial manner.”

A senior administration official acknowledged that creating laws to shift liability to industry is a long-term process, possibly a decade. There is expected pushback not just from the big tech industry, but also the U.S. Chamber of Commerce which has lobbied against mandating security standards in the past. The industry as a whole will be on watch to see how this new aggressive and comprehensive federal cybersecurity regulation will fare in the coming years.

Related posts

Contact Elevate today to learn more about Cyber Security | Elevate Insights

Elevate // +1 (888) 601-5351 // Monday to Friday 9am-6pm