The Biden administration released its National Cybersecurity Strategy on March 2, 2023, to secure the digital ecosystem for all Americans. Business leaders need to understand and prepare for the implications of this strategy.
This article highlights ten key takeaways to help organizations navigate and manage the changes brought forth by this strategy. By staying informed and taking proactive measures, businesses can ensure the security of their operations and contribute to the broader goal of a safe and secure digital landscape for all.
As cybersecurity threats become more sophisticated and frequent, it’s crucial for businesses to fully grasp the importance of this latest guidance from the government. Let’s start by covering the basics to understand the significance of the National Cybersecurity Strategy.
What is a National Cybersecurity Strategy?
A National Cybersecurity Strategy is a comprehensive plan that outlines how a country will protect itself from cyber threats and promote the use of secure and resilient information and communication technology (ICT) infrastructure. It includes measures to protect critical infrastructure, enhance cybersecurity awareness, promote international cooperation, and foster innovation.
Why do countries need a National Cybersecurity Strategy?
Cyber threats are constantly evolving and pose a significant risk to national security, economic stability, and public safety. A National Cybersecurity Strategy is necessary to provide a framework for identifying and responding to cyber threats, mitigating risks, and promoting a secure and resilient cyberspace. It helps countries coordinate their efforts to protect critical infrastructure, ensure the privacy and security of individuals and businesses, and encourage economic growth and innovation.
Who is responsible for implementing a National Cybersecurity Strategy?
A National Cybersecurity Strategy involves various stakeholders, including government agencies, private sector organizations, academia, and civil society. A lead agency or a coordinating body is typically responsible for implementing the strategy, but it requires collaboration with all stakeholders to be effective. The government is critical in setting the policy framework and regulatory environment, but the private sector and civil society are also key players in implementing measures and promoting a culture of cybersecurity.
How is a National Cybersecurity Strategy developed?
The development of a National Cybersecurity Strategy involves a process of consultation and collaboration among various stakeholders. Typically, it begins with assessing the cyber threat landscape and identifying critical risks and vulnerabilities. Policy formulation involves setting priorities, developing objectives and targets, and identifying specific actions and initiatives to achieve them. The strategy is then subject to review and revision as necessary.
What are some of the critical elements of a National Cybersecurity Strategy?
- A clear statement of national objectives and priorities for cybersecurity
- A framework for identifying and mitigating cyber threats and vulnerabilities
- Measures to protect critical infrastructure and essential services
- A plan for enhancing cybersecurity awareness and education
- A strategy for promoting international cooperation on cybersecurity
- A regulatory framework for promoting secure and resilient ICT infrastructure
- A method for fostering innovation and promoting a culture of cybersecurity
10 Cybersecurity Action Points
1. Defend Critical Infrastructure
This point acknowledges that cybersecurity requirements must be expanded to critical sectors to ensure national security and public safety. In addition, regulations should be harmonized to make compliance less of a burden. Public-private collaboration is another essential element of cybersecurity. This point emphasizes that collaboration should be enabled at the speed and scale needed to defend critical infrastructure and basic services. Finally, it highlights the importance of safeguarding and modernizing national networks, including updating federal incident response policies.
2. Disrupt and Dismantle Threat Actors
This point emphasizes the importance of engaging the private sector in disruption activities through scalable mechanisms. This strategy can include incentivizing private companies to work together to combat cyber threats. Finally, this point highlights the need to address ransomware through a comprehensive Federal approach and by working with international partners. Cyber threats do not respect national borders, and cooperation with international partners is essential for the success of any cybersecurity strategy.
3. Shape Market Forces to Drive Security and Resilience
There is a need to place responsibility on those within the digital ecosystem who are best positioned to reduce the risk of poor cybersecurity. This includes securing personal data, shifting liability for software products and services to enable secure development practices, and ensuring that federal grant programs encourage investments in new infrastructure that is secure and resilient. By incentivizing companies to prioritize cybersecurity, the market can become a driving force for improved security and resilience in the digital ecosystem.
4. Invest in a Resilient Future
Through strategic investments and coordinated, collaborative action, the United States will continue to lead the world in innovating secure and resilient next-generation technologies and infrastructure. Businesses participate in this initiative by prioritizing the following:
- Reducing systemic technical vulnerabilities in the foundation of the internet while making it more resilient against transnational digital repression;
- Prioritizing cybersecurity R&D for next-generation technologies such as post-quantum encryption, digital identity solutions, and clean energy infrastructure; and
- Developing a diverse and robust national cyber workforce.
5. Rebalancing Cybersecurity Responsibility
The increasing complexity of cyber attacks and the expanding attack surface have made it clear that cybersecurity is no longer solely the responsibility of IT departments. There needs to be a shift in the burden of responsibility to other parts of the organization, such as senior leadership, business units, and employees. However, this must be done on time. The shift must ensure that all parts of the organization can handle their new responsibilities and have the necessary training, tools, and resources.
6. Realignment of Incentives
The need for proper incentives is one of the most significant barriers to improving cybersecurity. Organizations need to balance the cost of investments in cybersecurity with the potential losses from a cyberattack. One way to do this is to realign federal and state incentives so that the price of a cyberattack is not solely borne by the organization but also by its customers, suppliers, and partners. This will encourage organizations to make investments to protect their assets and those of their ecosystem partners. Incentives can also be used to promote the adoption of security best practices and the sharing of threat intelligence to improve the overall resilience of the ecosystem.
7. Government Coordination Imperative
Cybersecurity is a national security issue that requires coordination across government agencies and the private sector. The government must use its national power to coordinate efforts to improve cybersecurity and ensure the country’s prosperity. This includes creating a regulatory environment that incentivizes organizations to prioritize cybersecurity, providing resources for cybersecurity research and development, and developing a national strategy to respond to cyber threats. The government must also work closely with private sector partners to share threat intelligence, coordinate incident response, and develop joint cybersecurity initiatives.
8. Vision for Digital Ecosystem
A strong and resilient digital ecosystem is essential for economic growth and national security. Organizations need to develop a vision for a defensible, resilient, and values-aligned digital transformation that prioritizes cybersecurity. This includes investing in emerging technologies such as artificial intelligence and machine learning to improve threat detection and response, developing robust incident response plans, and ensuring that all ecosystem partners are aligned with shared values and principles for cybersecurity. It also means creating a culture of cybersecurity awareness and education that extends beyond the organization to the broader ecosystem.
9. Secure Global Supply Chains
The increasing reliance on foreign suppliers for products and services has made the nation vulnerable to systemic risks to its digital ecosystem. According to Forrester data, 33% of cyberattacks were due to a supply chain or third-party breach. Therefore, the administration urges businesses to adopt a multipronged approach to combat dependence on foreign suppliers for critical components and systems. The long-term strategy calls for public/private sector collaboration, reshoring of manufacturing, and prioritizing resilience and supply chain security to mitigate the risks.
10. Forge International Partnerships
The digital ecosystem is boundless and highly interconnected, and cybersecurity threats often originate outside national borders. Thus, it is imperative to collaborate with other countries to share intelligence, coordinate responses, and build capacity. This can involve creating regional or global cybersecurity centers that serve as hubs for information sharing and capacity building.
Additionally, international partnerships can promote the development of secure supply chains and standards for specific hardware and software products. Partnerships can encourage responsible behavior among digital ecosystem stakeholders, such as promoting the ethical use of data, respecting individual privacy, and combating disinformation and propaganda. Overall, the report underscores the need for a global approach to cybersecurity that transcends national boundaries and promotes collective action.
Join the nationwide campaign to strengthen cybersecurity
Cybersecurity has become a top priority for businesses of all sizes in today’s hyper-connected landscape. The latest National Cybersecurity Strategy underscores the importance of prioritizing cybersecurity, implementing effective practices, safeguarding data, and mitigating risks specific to each organization. By prioritizing cybersecurity and taking proactive measures, businesses can play a significant role in the nationwide effort to secure the internet for everyone.