The White House has released a new plan for ensuring security in digital ecosystems. It hopes to “reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and diverse society.”
Achieving this will require shifts from how we currently view cybersecurity. The Biden-Harris Administration plans to rebalance the responsibility of security from individuals and small businesses and onto organizations that are best positioned to reduce risk for all. They also plan to rebalance the need to defend security risks today with positioning us to plan for future threats.
“With the new policy, the onus is now on technology companies to mitigate cyber risks and as result, they are forced to take a hard look at their security programs to ensure they are meeting these new standards and guidelines,” said Camellia Chan, CEO and co-founder of Flexxon, a cybersecurity business that specializes in AI-driven security solutions.
This National Cybersecurity Strategy builds on other initiatives that the Administration has already released, such as the Executive Order on Improving the Nation’s Cybersecurity, National Security Strategy, and M-22-09 (Moving the U.S. Government Toward Zero-Trust Cybersecurity Principles).
It includes five pillars: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships.
It will defend critical infrastructure by expanding minimum requirements in critical sectors, enabling collaboration between the public and private sector, and modernizing federal networks and updating the federal incident response policy.
To disrupt and dismantle threat actors, plans are to employ tools that will disrupt adversaries, get the private sector involved in activities related to disruption, and addressing ransomware threats through a new policy and collaboration with international partners.
It will shift the responsibility of security to companies and government agencies most capable of addressing them. It hopes to shift the consequences of bad security practices from the most vulnerable. It will further promote privacy and security of personal data, shift liability for software products, and use federal grants to promote investments in secure and resilient infrastructure.
To plan for a more resilient future, actions will be reducing technical vulnerabilities in the foundation of the Internet, developing a diverse workforce of cybersecurity professionals, and prioritizing cybersecurity research in technologies like postquantum encryption, digital identity solutions, and clean energy infrastructure,
And finally, it will focus on forging partnerships internationally with “like-minded nations.” These partnerships will enable the U.S. and its partners to work together through joint preparedness, response, and cost imposition. The Administration also plans on helping those partners be able to defend themselves and working on developing secure, reliable, and trustworthy supply chains for information technology products and services.
While the plan was just unveiled today, the Administration claims that the implementation of this strategy is already underway.
“As I have often said, our world is at an inflection point. That includes our digital world” said President Biden. “The steps we take and choices we make today will determine the direction of our world for decades to come. This is particularly true as we develop and enforce rules and norms for conduct in cyberspace. We must ensure the Internet remains open, free, global, interoperable, reliable, and secure—anchored in universal values that respect human rights and fundamental freedoms. Digital connectivity should be a tool that uplifts and empowers people everywhere, not one used for repression and coercion. As this strategy details, the United States is prepared to meet this challenge from a position of strength, leading in lockstep with our closest allies and working with partners everywhere who share our vision for a brighter digital future.”