U.S. President Biden’s administration this week released the first iteration of the National Cybersecurity Strategy Implementation Plan, which was announced in March 2023. The plan aims to boost public and private cybersecurity resilience, take the fight to threat actors, beef up the defense of infrastructure and draw a clear national roadmap of cybersecurity responsibilities.
Each initiative in the plan aligns with one of the five essential pillars:
- Defend critical infrastructure.
- Disrupt and dismantle threat actors.
- Shape market forces to drive security and resilience.
- Invest in a resilient future.
- Forge international partnerships to pursue shared goals.
There are more than 65 federal initiatives under the banner of the National Cybersecurity Strategy Implementation Plan. According to a White House document about the plan, it looks at two critical areas: the need for more “capable actors” in cyberspace to shoulder more cybersecurity responsibilities and the need to incentivize and invest in long-term resilience.
Eighteen agencies will lead the whole-of-government plan, which consists of a variety of activities, including updating the National Cyber Incident Response Plan and combating ransomware via the Joint Ransomware Task Force.
Under the first pillar, which focuses on securing infrastructure with a concentration on private/public partnerships, the Plan not only dedicates attention to clarifying the roles of risk management agencies but also places important responsibilities in the hands of the Office of Management and Budget.
The second pillar of the Plan involves the Department increasing the volume and speed of disruption campaigns against cybercriminals, nation-state adversaries, and associated enablers by expanding its organizational platforms dedicated to such threats and increasing the number of qualified attorneys dedicated to cyber work.
The third pillar of the Implementation Plan focuses on securing the software supply chain, with an emphasis on software design resilience.
The fourth pillar states that the National Institute of Standards and Technology will convene the Interagency International Cybersecurity Standardization Working Group to coordinate major issues in international cybersecurity standardization and enhance U.S. federal agency participation in the process. NIST will also finish the standardization of one or more quantum-resistant public-key cryptographic algorithms.
The fifth pillar focuses on developing international collaboration; the administration’s document said the federal government must develop coordinated operations.
The plan comes just as the federal government is in the midst of another widespread hacking incident impacting federal agencies. The Chinese-linked operation gained access to the emails of roughly two dozen organizations worldwide, including multiple U.S. federal entities.