One Year In: The President’s National Cybersecurity Strategy is Driving Change and Protecting the Nation
By National Cyber Director Harry Coker, Jr.
On March 2, 2023, President Biden released the National Cybersecurity Strategy, a guiding document that has set the course for how the Biden-Harris Administration drives policy and action to defend our increasingly digital world.
At the time, President Biden said, “Cybersecurity is essential to the basic functioning of our economy, the operation of our critical infrastructure, the strength of our democracy and democratic institutions, the privacy of our data and communications, and our national defense.” He went on to remind us that this Strategy, “recognizes that robust collaboration, particularly between the public and private sectors, is essential to securing cyberspace.”
These principles have guided our effort to shift the responsibility to defend cyberspace from individuals, small businesses, state and local governments to the organizations most capable of carrying that responsibility and best-positioned to reduce risk for all of us – namely technology companies and the Federal Government. They have also driven us to realign incentives to favor long-term investments in cybersecurity and resilience. That requires us to strike a careful balance between defending ourselves against urgent threats today and simultaneously planning strategically for, and investing in, a resilient digital future.
The release of the Strategy kicked off significant work across the Federal Government to protect the nation and the digital systems that touch nearly every aspect of American life.
For the past year, folks at the Office of the National Cyber Director (ONCD) have been working tirelessly as we coordinate implementation of the 69 initiatives identified in the first iteration of the Strategy’s implementation plan.
Federal agencies have made progress on all 69 initiatives outlined last July. In fact, more than 20 are already completed.
While the Strategy is enduring, its implementation is iterative. We’ll be sharing the next version of the implementation plan soon but today, one year in, ONCD would like to share some of our progress.
- Pillar one of the Strategy calls on us to defend critical infrastructure.
In partnership with the Cybersecurity and Infrastructure Security Agency (CISA), ONCD developed, updated, and published multiple exercise scenarios for the Healthcare and Public Health, Water, Maritime Transportation, Chemical, and Commercial Facilities sectors, and the election sub-sector. This empowers critical infrastructure owners and operators to prepare for, practice, and proactively improve their operations to stay protected from nation-states and malicious cyber actors that would want to do them harm. - In the Strategy’s second pillar, we aim to disrupt and dismantle threat actors. In September, the Department of Defense publicly released a summary of its new Cyber Strategy, which is focused on further incorporating cyber into all-domain deterrence and continuing to persistently engage malicious cyber actors engaged in offensive operations against the Nation. In addition, the Department of Justice has continued to up the speed and scale of disruption operations.
- In the Strategy’s third pillar, we aim to shape market forces to drive security and resilience. In October, the Office of Management and Budget proposed changes to the way the Federal Government buys “Internet of Things” devices to ensure that they are secure by design. By setting a high bar for businesses that want to sell to the government, American consumers will benefit from improved cybersecurity standards for connected devices.
- In the Strategy’s fourth pillar, we are called on to drive investments in a resilient future. The National Institute of Standards and Technology is doubling down work to ensure that the Federal Government, in partnership with industry, is present in multinational standards developing organizations. Being at the forefront of cybersecurity standards work is critical for both our national security and our economic competitiveness on the global stage.
- And in the Strategy’s fifth pillar, we are forging international partnerships to pursue shared goals. In pursuit of this goal, the State Department Bureau of Cyberspace and Digital Policy was created just over a year ago and is working diligently to build and strengthen international coalitions to counter malicious cyber actors. In addition, the National Telecommunications and Information Administration has awarded more than $130 million in grants from the Public Wireless Supply Chain Innovation Fund that will help test the security of open, interoperable wireless networks. The shift to open and interoperable networks is vital for the development of new, open-architecture approaches to wireless networks will help to ensure that future wireless equipment is built by the U.S. and its global allies and partners – not vendors from nations that threaten our national security.
The work to carry out the President’s vision takes coordination across the Federal Government, private sector, state, local, tribal and territorial governments, international partners, academia, non-profits and Congress.
Protecting the country in cyberspace is a whole-of-nation effort.
We are proud to lead the charge and know there is much more work to do.