The recently released National Cybersecurity Strategy created by the Biden-Harris Administration has taken a more proactive stance, aiming for deterrence, resilience, and offensive cyber capabilities. International cooperation is being fostered, as well as increased private sector involvement with the priority of securing critical infrastructure and cultivating an enhanced capability in dealing with existing threats. This represents a strong message that all necessary measures will be undertaken to protect national security interests through aggressive methods if needed. This comprehensive plan outlines goals such as fortifying federal government systems against cyber threats, furthering public-private collaboration on cybersecurity resilience, setting standards through federal procurement, and reinforcing international law enforcement initiatives in combating cybercrime. The strategy has outlined several critical priorities to improve cybersecurity: from implementing mandatory standards for operators of crucial infrastructure, pushing forward federal data privacy legislation, and creating “know your customer” regulations for cloud providers, all the way to restricting software developers’ disclaimers on product vulnerabilities.
As you know, the nation’s cybersecurity aims to strengthen cybersecurity protocols and ensure the safety of American citizens from malicious digital threats. To bolster the nation’s ability to protect itself and its citizens, the Biden-Harris administration has outlined a new strategy in 2023 to help address emerging threats. The new strategy includes two specific primary goals, which they aim to achieve using a 5-part approach.
Goal One: Shifting the Responsibility of Cybersecurity
This goal of shifting the burden of cybersecurity aims to take the responsibility of cybersecurity out of the hands of individuals and small businesses and put it into the hands of more capable organizations that are capable of helping secure everyone.
Goal Two: Long-Term Planning
The second goal was described in the official White House statement as favoring long-term planning and preparedness for the future of the nation’s cybersecurity rather than solely focusing on current urgent threats.
The 5-Part Approach
“Defend Critical Infrastructure”
The first goal is to increase the use of basic cybersecurity measures in important areas to protect the country’s security and people’s safety. This includes making regulations more consistent to make it easier for organizations to follow them. The second goal is encouraging cooperation between public and private entities to protect essential infrastructure and services from cyber threats. This requires swift and comprehensive action. The third goal is to improve the security and efficiency of government computer networks while also updating policies for how to respond to cyber incidents that may occur.
“Disrupt and Dismantle Threat Actors”
With the second approach, the government aims to tackle cyber-attack threats by teaming up with private sector entities responsible for essential infrastructure and technology. Together, they will engineer effective solutions that can be implemented rapidly to face these threats. In addition, a multi-faceted strategy has been established in response to ransomware attacks, including working alongside international allies toward a unified solution.
“Shape Market Forces to Drive Security and Resilience”
To enhance trustworthiness in today’s digital sphere, this objective aims to place responsibility for risk mitigation and vulnerable person protection on those best qualified. To pursue that aim responsibly, we plan to prioritize privacy and data security measures – protecting people from stolen or misused information by hackers – and shifting liability for products/services towards secure development practices. This way, companies can be proactive about product safety instead of reactive after damages have been done. Finally, leveraging Federal grants, investments are also underway in new infrastructure to bolster cybersecurity resilience and trustworthiness – a crucial step toward protecting vulnerable people from cyber-attacks.
“Invest in a Resilient Future”
Approach four aims to establish the United States as a global leader in developing secure and resilient next-generation technologies and infrastructure by taking strategic investments and coordinated, collaborative actions. The objective has three main components:
- Reducing Systemic Technical Vulnerabilities: This component seeks to identify and address systemic technical vulnerabilities that undermine the security of the Internet and the broader digital ecosystem. The goal is to improve the resilience of digital infrastructure against transnational digital repression, a threat from state and non-state actors seeking to manipulate or suppress digital content and communication.
- Prioritizing Cybersecurity R&D: This component focuses on investing in research and development for next-generation technologies critical for ensuring cybersecurity. The technologies include post quantum encryption, which provides a higher level of security against quantum computer-based attacks, digital identity solutions that can prevent identity theft and fraud, and clean energy infrastructure, which can enhance the security and resilience of critical infrastructure.
- Developing a Diverse and Robust Cyber Workforce: This component emphasizes the importance of developing a diverse and robust national cyber workforce that can support the implementation of the first two components. The workforce includes professionals with a broad range of skills, backgrounds, and perspectives, including cybersecurity experts, data scientists, and engineers. Developing this workforce will require investments in education, training, and career development programs.
“Forge International Partnerships to Pursue Shared Goals”
Lastly, part five seeks to promote responsible state behavior in cyberspace by creating a world where countries are expected to behave responsibly and where irresponsible behavior is met with isolation and consequences. This objective has three main components:
- Leveraging International Coalitions and Partnerships: This component focuses on building international coalitions and partnerships with like-minded nations to counter threats to the digital ecosystem. These partnerships will involve joint preparedness, response, and cost imposition, meaning nations will work together to develop and implement cybersecurity measures and hold responsible parties accountable for cyber attacks.
- Increasing Partners’ Cybersecurity Capacity: This component emphasizes the importance of increasing the cybersecurity capacity of US partners. The United States will work with its allies and partners to help them defend themselves against cyber threats in peacetime and during a crisis. This may include training, technical assistance, and other resources to help partners build their cybersecurity capabilities.
- Ensuring Secure and Trustworthy Global Supply Chains: This component ensures that global supply chains for information and communications technology and operational technology products and services are secure, reliable, and trustworthy. The United States will work with its allies and partners to develop and implement measures that prevent the infiltration of malicious actors into supply chains and protect against the exploitation of vulnerabilities in these products and services.
The 2023 US cybersecurity strategy is a game-changer. Aimed at keeping the nation secure in an ever-changing technological landscape, this initiative considers the rapidly intensifying complexity and sophistication of cyber threats with increased detection measures designed to deter malicious behavior. Additionally, public-private collaboration will be fostered to further protect critical infrastructure sectors and people’s day-to-day lives by developing partnerships between government officials and private sector entities. Lastly, innovative education and training programs are set up to invest in current or prospective professionals so that future generations can effectively tackle any security challenges they may face.