The Biden-Harris administration has announced its National Cybersecurity Strategy, a blueprint for the federal government on how best to handle issues related to cybercrime, national cyber defense, and what role the private sector should play in protecting national cybersecurity in the coming years.
The 2023 National Security Strategy, a 35-page document authored by recently retired National Cyber Director Chris Inglis, is a high level analysis of the current state of national cybersecurity and a guide for managing cyber policy across broad ranging federal agencies and departments. The newly released National Cybersecurity Strategy replaces the 2018 National Cyber Strategy issued by the Trump-Pence administration.
The document includes two overarching goals:
- “We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us.”
- “We must realign incentives to favor long-term investments by striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future.”
On a call with reporters shortly after the Strategy’s release, Acting National Cyber Director Kemba Walden said, “The president’s strategy fundamentally reimagines America’s cyber-social contract. It will rebalance the responsibility for managing cyber risk onto those who are most able to bear it.”
What Does the National Cybersecurity Strategy Include?
The document includes five actionable directives for improving cybersecurity:
- Defend critical infrastructure.
- Disrupt and dismantle threat actors.
- Shape market forces to drive security and resilience by enhancing the security of technology sold to companies.
- Invest in a resilient future by funding public investments in cyber upgrades.
- Forge international partnerships to pursue shared cybersecurity goals.
Who is Impacted by the National Cybersecurity Strategy?
The Strategy specifically points to federal agencies in its guidelines and recommendations, stressing the importance of investing in more advanced security, but it also lays out suggestions for municipal and state governments, as well as private industry. Throughout the document, there is an emphasis on critical infrastructure operators and technology suppliers as they relate to these stakeholders.
Private Sector Implications of the National Cybersecurity Strategy
The Strategy emphasizes the importance of private sector responsibility when it comes to protecting data and systems, especially large-scale operations. The document recommends greater liability for private businesses that fall short by forgoing minimum security standards for their products and services.
The document recommends new legislation for governing the way personal data is collected and protected and also recommends that governmental bodies like NIST (the National Institute of Standards and Technology) create stronger national guidelines related to data protection.
Currently, the Office of the National Cyber Director and the Office of Management and Budget are working together to publish an action plan based on the National Cybersecurity Strategy. The Offices will publish yearly updates for federal departments and agencies to guide cybersecurity budgets and to work with Congress to secure additional funding in the form of grants.
Connect with MixMode to speak to an expert to learn more about how the National Cybersecurity Strategy could impact your organization.