The more we depend on the digital world, the more critical it is to ensure that we are protected and can trust the digital landscape we rely on so heavily for small and large businesses. On March 2, 2023, the Biden-Harris Administration released its National Cybersecurity Strategy to establish a safe and secure digital landscape that benefits all Americans, especially after the significant cyber intrusions and ransomware attacks experienced by SolarWinds, Microsoft Exchange, Colonial Pipeline, and JBS Foods.
The United States seeks to re-envision cyberspace to accomplish objectives while upholding core principles, including economic stability and progress, protecting human rights and fundamental freedoms, trust in democratic processes and institutions, and an inclusive society.
The National Cybersecurity Strategy ultimately transforms the way in which the U.S. allocates roles, responsibilities, and resources in cyberspace through two fundamental shifts: rebalancing defense responsibility and realigning incentives for long-term investments.
So let’s get into it and dive into the five key pillars that serve as the foundation for this Strategy:
Defending United States critical infrastructure
When it comes to critical infrastructure, former Chief of Staff to the CIA Director Jeremy Bash mentioned in an interview with CNBC: ‘Our weakness is that every device is connected to the internet; the attack surface is spread across the entire private sector. That’s why critical infrastructure is vulnerable. Infrastructure operators and the companies that service them need to get their cyber house in order, and they need to do so at the same speed as the digital threats we face.’ Although many have taken a voluntary approach to critical infrastructure and have contributed to meaningful improvements, there is a need for mandatory requirements as the overall outcomes have proven to be inadequate and inconsistent.
To address this, the National Cybersecurity Strategy aims to strengthen the confidence and resilience of United States citizens in critical infrastructure by:
- Broadening minimum cybersecurity requirements for specific sectors such as food and agriculture, government facilities, and critical manufacturing.
- Facilitating public-private collaboration at the pace and scale needed to defend critical infrastructure.
- Improving coordination across federal government agencies and the private sector.
Disrupting malicious threat actors endangering U.S. interests
As ransomware attacks become more prevalent and threaten critical infrastructure, the National Cybersecurity Strategy includes several objectives to stop cyber actors in their tracks, making it impossible for them to threaten the national security or public safety of the United States. This involves:
- Making cybercriminal activities unprofitable and less effective for state actors by utilizing all available tools and resources of national power.
- Encouraging more frequent and seamless collaboration between the public and private sectors to disrupt malicious adversaries that threaten digital infrastructure.
- Increasing the speed and scale of intelligence sharing and victim notification by developing more efficient processes across multiple government agencies.
Utilizing market forces to promote and enhance security and resilience
This pillar strives to increase the trustworthiness of the digital ecosystem by holding those best placed to mitigate risk accountable and shifting the adverse outcomes of weak cybersecurity away from the most vulnerable. It includes:
- Promoting privacy and security of personal data through legislation and strict limits on data collection, use, transfer, and maintenance.
- Shifting liability for software products and services to entities that do not take reasonable measures to secure their software.
- Encouraging secure and resilient investment in critical infrastructure through federal grant programs that prioritize cybersecurity and resilience from design all the way to maintenance.
Establishing a more secure digital landscape by making strategic investments
The United States will maintain its global leadership in developing secure and resilient next-generation technologies and infrastructure through strategic investments and coordinated, collaborative actions, which will involve:
- Identifying the most significant systemic risks and collaborating with the private sector to minimize risk exposure without disrupting the infrastructure that supports the platforms and services.
- Prioritizing cybersecurity R&D for next-generation technologies, including post-quantum encryption, digital identity solutions, and clean energy infrastructure.
- Developing a diverse and robust national cyber workforce by expanding it, improving diversity, and increasing access to cyber education and training opportunities.
Developing international partnerships to achieve shared goals
The United States is aiming for a world where responsible behavior by nations in cyberspace is encouraged and reinforced, and reckless behavior is penalized and results in isolation. This pillar can be achieved by:
- Leveraging global alliances and collaborations to combat threats facing the digital landscape through a joint effort in response, readiness, and cost imposition.
- Enhancing the abilities of partners to defend themselves against threats in a time of crisis and during quiet times.
- Creating secure, reliable global supply chains with allies and partners for information and communications technology and operational technology products and services.
After diving into the details of the Biden-Harris Administration’s National Cybersecurity Strategy, as an MSP or IT professional, you no longer have to justify the importance of implementing cybersecurity practices to your clients or top-level management. The strategy makes it clear that, regardless of the organization’s size or type, leaving it vulnerable to cyber attacks is simply not an option.
The National Cybersecurity Strategy sets an ambitious and forward-thinking vision for achieving a highly secure digital landscape in the United States. By realigning roles and responsibilities among entities and promoting long-term investments in cybersecurity through incentives, this strategy, along with comprehensive cybersecurity solutions like Guardz, will reshape how the United States tackles cybersecurity in the future.
Guardz is an all-in-one cybersecurity solution that provides enterprise-grade cyber technology and makes it accessible to businesses of all sizes. We empower MSPs and IT professionals to secure their clients and businesses with our comprehensive suite of features, including email protection, cloud applications posture, device security, and cyber insurance coverage in a single pane of glass.