US government puts cybersecurity at forefront with newly announced National Strategy

The National Cybersecurity Strategy was unveiled today by the Biden-Harris Administration. The Strategy recognizes that government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity.

The United States will make its digital ecosystem:

• Defensible, where cyber defense is overwhelmingly easier, cheaper, and more effective
• Resilient, where cyber incidents and errors have little widespread or lasting impact.

The Administration has already taken steps to secure cyberspace and the digital ecosystem, including the National Security Strategy, Executive Order 14028 (Improving the Nation’s Cybersecurity), National Security Memorandum 5 (Improving Cybersecurity for Critical Infrastructure Control Systems), M-22-09 (Moving the U.S. Government Toward Zero-Trust Cybersecurity Principles), and National Security Memorandum 10 (Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems).

Build and enhance collaboration

This Strategy seeks to build and enhance collaboration around five pillars:

1. Defend critical infrastructure – Give the American people confidence in the availability and resilience of critical infrastructure and the essential services it provides, including by:

• Expanding the use of minimum cybersecurity requirements in critical sectors to ensure national security and public safety and harmonizing regulations to reduce the burden of compliance
• Enabling public-private collaboration at the speed and scale necessary to defend critical infrastructure and essential services
• Defending and modernizing Federal networks and updating Federal incident response policy

2. Disrupt and dismantle threat actors – Using all instruments of national power, the US will make malicious cyber actors incapable of threatening the national security or public safety, including by:

• Strategically employing all tools of national power to disrupt adversaries
• Engaging the private sector in disruption activities through scalable mechanisms
• Addressing the ransomware threat through a comprehensive Federal approach and in lockstep with international partners.

3. Shape market forces to drive security and resilience – The US will place responsibility on those within the digital ecosystem that are best positioned to reduce risk and shift the consequences of poor cybersecurity away from the most vulnerable in order to make the digital ecosystem more trustworthy, including by:

• Promoting privacy and the security of personal data
• Shifting liability for software products and services to promote secure development practices
• Ensuring that Federal grant programs promote investments in new infrastructure that are secure and resilient.

4. Invest in a resilient future – Through strategic investments and coordinated, collaborative action, the United States will continue to lead the world in the innovation of secure and resilient next-generation technologies and infrastructure, including by:

• Reducing systemic technical vulnerabilities in the foundation of the Internet and across the digital ecosystem while making it more resilient against transnational digital repression
• Prioritizing cybersecurity R&D for next-generation technologies such as postquantum encryption, digital identity solutions, and clean energy infrastructure
• Developing a diverse and robust national cyber workforce.

5. Forge international partnerships – The United States seeks a world where responsible state behavior in cyberspace is expected and reinforced and where irresponsible behavior is isolating and costly, including by:

• Leveraging international coalitions and partnerships among like-minded nations to counter threats to the digital ecosystem through joint preparedness, response, and cost imposition
• Increasing the capacity of partners to defend themselves against cyber threats, both in peacetime and in crisis
• Working with allies and partners to make secure, reliable, and trustworthy global supply chains for information and communications technology and operational technology products and services.