At the launch of its new National Cybersecurity Strategy, the US government says a rapidly evolving world demands a more intentional, coordinated, and well-resourced approach to cyber defence.
The revamped US cyber strategy seeks to reimagine cyberspace as a tool that reflects American values, including economic security and prosperity, respect for human rights and fundamental freedoms, trust in democracy and democratic institutions, and an equitable and diverse society.
The US government’s new cyber outlook also calls for international coalitions and partnerships among like-minded nations to counter threats to digital ecosystems and offers the possibility of the US acting to increase the capacity of its partners “to defend themselves against cyber threats, both in peacetime and in crisis”.
Fundamental changes in how the United States allocates roles, responsibilities, and resources in cyberspace will be required, and the plan proposes shifting responsibility for cybersecurity away from individuals, small businesses, and local governments and onto organisations.
“Our world is at an inflection point,” says US President Joe Biden. “That includes our digital world. The steps we take and choices we make today will determine the direction of our world for decades to come. This is particularly true as we develop and enforce rules and norms for conduct in cyberspace.”
The plan seeks to enhance collaboration around five pillars:
Defend Critical Infrastructure
The strategy seeks to give the American people confidence in the availability and resilience of critical infrastructure and essential services by expanding the use of minimum cybersecurity requirements in critical sectors. The strategy also aims to harmonise regulations to reduce the compliance burden and to enable public-private collaboration at the speed and scale needed to defend critical infrastructure and essential services. Additionally, the strategy seeks to defend and modernise Federal networks while updating Federal incident response policy.
Disrupt and Dismantle Threat Actors
The strategy aims to make malicious cyber actors incapable of threatening the national security or public safety of the United States. This includes strategically employing all tools of national power to disrupt adversaries, engaging the private sector in disruption activities through scalable mechanisms, and addressing the ransomware threat through a comprehensive Federal approach in collaboration with international partners.
Shape Market Forces to Drive Security and Resilience
The government aims to place responsibility on those within the digital ecosystem who are best positioned to reduce risk and shift the consequences of poor cybersecurity away from the most vulnerable. This will be achieved by promoting privacy and the security of personal data, shifting liability for software products and services to promote secure development practices, and ensuring that Federal grant programs promote investments in new infrastructure that are secure and resilient.
Invest in a Resilient Future
Through strategic investments and coordinated, collaborative action, the United States aims to lead the world in the innovation of secure and resilient next-generation technologies and infrastructure. This includes reducing systemic technical vulnerabilities in the foundation of the Internet and across the digital ecosystem, making it more resilient against transnational digital repression, and prioritising cybersecurity research and development for next-generation technologies like post-quantum encryption, digital identity solutions, and clean energy infrastructure. Additionally, the United States is committed to developing a diverse and robust national cyber workforce.
Forge International Partnerships to Pursue Shared Goals
The US government says it aims for a world where responsible state behaviour in cyberspace is the norm and where the cost of irresponsible behaviour is isolating, as well as expensive. To achieve this, the government plans to leverage international coalitions and partnerships among like-minded nations to address threats to the digital ecosystem through joint preparedness, response, and cost imposition; increase the capability of partners to defend themselves against cyber threats in both peacetime and crisis situations; and collaborate with allies and partners to establish secure, reliable, and trustworthy global supply chains for information and communications technology and operational technology products and services.