On July 13, 2023, the White House rolled out its maiden National Cybersecurity Strategy Implementation Plan, with provisions for annual revisions. The plan is built on two foundational goals: (a) Elevating cybersecurity responsibility among principal cyberspace stakeholders, and (b) Intensifying investments towards enduring cyber resilience.
Central to the plan is its structure around the five pillars of the White House’s (U.S.) National Cybersecurity Strategy. The Implementation Plan doesn’t just lay out these pillars, but it also pinpoints strategic objectives, high-impact cybersecurity initiatives under each, and crucially, designates the federal agency charged with spearheading each initiative to fruition. The subsequent outline provides a snapshot of significant initiatives from the plan, particularly emphasizing their direct implications for critical infrastructure sectors like healthcare, energy, manufacturing, IT, and financial services.
01. Defend Critical Infrastructure:
This pillar emphasizes on fortifying national security and public safety. Key moves include:
- Standardizing cybersecurity across essential sectors,
- Promoting the National Institute of Standards and Technology (NIST) Cybersecurity Framework,
- Amplifying public-private collaborations.
A noteworthy Cybersecurity and Infrastructure Security Agency (CISA) rule regarding cyber incident reporting for critical infrastructures is in the pipeline, with a completion date set for September 30, 2025.
02. Disrupt and Dismantle Threat Actors:
It seeks a proactive stance against cybercrime. Major initiatives involve:
- Department of Defense’ (DOD) commitment to roll out an updated cyber strategy by end-2023,
- Department of Justice’ (DOJ) collaboration to legislate against cybercrime by 4Q FY23,
- Setting standards for Infrastructure-as-a-Service (IaaS) providers.
3. Shape Market Forces to Drive Security and Resilience:
A pivotal shift here involves the software realm, particularly around accountability. The Office of the National Cyber Director (ONCD) will lead the charge in creating a software liability framework. Furthermore:
- Efforts will be made to bolster the security of IoT devices,
- The DOJ aims to enhance cybersecurity compliance among vendors, and
- The feasibility of a federal cyber insurance backstop is being examined.
4. Invest in a Resilient Future:
Anchored in technological safety, its core aims include:
- Office of Management and Budget’s (OMB) drive to prioritize network security practices such as DNS encryption,
- A thrust for “memory safe programming languages”, and
- Addressing existing security vulnerabilities in internet protocols. An overarching National Cyber Workforce and Education Strategy is also on the cards.
5. Forge International Partnerships
Recognizing cyber threats as a global concern, this pillar leans on:
- Publishing an International Cyberspace and Digital Policy Strategy,
- Enhancing global cyber capacities, and
- Holding states (nations) accountable for cyber commitments.
In essence, with over 65 initiatives under its umbrella, this Implementation Plan offers a strategic vision of the U.S. government’s cybersecurity trajectory. It’s imperative for organizations across sectors to align their cybersecurity and compliance practices with this roadmap.