March 2023 National Cybersecurity Strategy: What You Should Know

The Biden-Harris administration has recently announced its much-anticipated National Cybersecurity Strategy. Just over four years since the previous strategy’s publication, the March 2 unveiling lands on the heels of ever-growing security concerns and a plethora of major incidents.

This plan takes a fundamentally different approach than we saw in 2018. A statement from the White House’s briefing room outlines these shifts in direction, emphasizing collaboration and partnership:

“We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best positioned to reduce risks for all of us.

We must realign incentives to favor long-term investments by striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future.”

Key Takeaways from the National Cybersecurity Strategy

The new strategy outlines five main pillars and several sweeping objectives to be achieved in the next decade.

Defend Critical Infrastructure

The alarm bells have been ringing for some time. Incident after incident has shown that we cannot afford to leave these vital entities vulnerable any longer.

The Biden administration has been clear with its position, hinting that meaningful regulations are imminent. The new strategy goes on to call out a lack of mandatory requirements as the culprit behind past inefficient and disorganized improvement efforts.

The strategy also underlines the need for collaboration between government agencies and the private sector. There is an emphasis on leveraging all available resources as weaknesses are assessed in hopes of sharing threat information and promoting best practices.

Disrupt and Dismantle Threat Actors

Another strong stance can be found in the second section of the cybersecurity strategy.

“The United States will use all instruments of national power to disrupt and dismantle threat actors whose actions threaten our interests.”

The current administration has already had some success in holding cybercriminals accountable. Some initial efforts have resulted in seizures of over $6 million in ransom payments during late 2021 (REvil), and the FBI’s long-term infiltration of the Hive ransomware group, which intercepted a further $130 million. The new cybersecurity strategy aims to be even more effective at disrupting threat actors going forward.

The goal is to take advantage of this early momentum and accelerate similar initiatives to set a new precedent. Increased risk of repercussions and heightened security could help dissuade would-be criminals in the long run.

Shape Market Forces to Drive Security and Resilience

The third section emphasizes new expectations, and accountability for, “those within our digital ecosystem that are best positioned to reduce risk and shift the consequences of poor cybersecurity away from the most vulnerable…”

The responsibility of securing the personal data of those affiliated with an organization should never be taken lightly. People are our greatest assets and will ultimately suffer alongside the compromised entity.

The new strategy notes that liability for software and services is intended to make networks more trustworthy. Below are some examples of how exactly this will be done according to the White House’s Fact Sheet:

• Promote privacy and security of personal data.
• Shift liability for software products and services to promote secure development practices.
• Ensure federal grants promote investments in new infrastructure that is secure and resilient.

It’s still early, and the execution of these ideas remains to be seen, but the new cybersecurity strategy appears to be on the right track. Through a mix of incentivization and holding negligent organizations accountable, the administration aims to encourage the industry to invest in new products that are built to be more secure from the ground up rather than fixing holes in old, outdated code.

Invest in a Resilient Future

Keeping with the theme of looking ahead, the Biden Administration also intends to address the fundamental security of the internet by analyzing the most critical risks and working down from there.

With growing concerns over the fragility of civilian and military communications, critical infrastructure, finance, and other facets of our current infrastructure, our national security is being called into question. Especially in light of advancements in quantum computing (technology that can solve more complex problems than traditional computers) and the potential it could be used as a malicious tool. Ambitious as it may be, this is a reprioritization that is desperately needed.

By placing an emphasis on cybersecurity R&D and evolving the workforce through the addition of leaders and experts with diverse backgrounds, the new strategy seeks to affirm the US as a world leader in the innovation of cyber strategy and technology infrastructure.

It’s refreshing to see strong objectives put forth by leadership which appears to appreciate the need to make headway on a more secure future.

Forge International Partnerships to Pursue Shared Goals

The final pillar of the new strategy hopes to realize the potential of international partnerships as a tool to oppose threats in our digital ecosystem. With a focus on international coalitions, and uniting our allies against threats, this section boldly addresses the adversarial behavior of other entities with less-than-altruistic motives.

“The United States seeks a world where responsible state behavior in cyberspace is expected and reinforced and where irresponsible behavior is isolating and costly.”

We’ll be hearing more about these efforts in the coming years. Steps are being taken to meet opposing powers head-on through global unification driven by common goals, but will it be enough?

Progress toward this objective can be observed presently, and international agencies have already been formed. Current US leadership has even backed a leadership candidate for the International Telecommunication Union (ITU), a branch of the United Nations that has the potential to mold the progression of the internet in its entirety.

Closing Thoughts

The new strategy has been well-received by cybersecurity experts and industry leaders, who believe that the increased focus on cybersecurity is long overdue and necessary to protect national security. The new strategy redoubles the aggressive approach set forth by the previous administration, and in this regard, it is a noteworthy move for the White House.

Many have praised the strategy’s emphasis on collaboration between government and industry, as well as with our global allies to help prevent and respond to cyber threats both at home and internationally.

Conversely, there has been a level of concern about the potential cost and burden that new requirements may place on businesses, particularly smaller ones with limited resources. Some have also criticized the strategy for not going far enough in addressing the root causes of cyber threats.

The fact is, this new strategy is sweeping, and organizations of all kinds will need to take a more proactive approach to cybersecurity. This is an objectively necessary mission—one that experts attribute to a future where security is an integrated part of our culture.

Here’s hoping the next decade will feature widespread growth and remediation of the most critical flaws in our industry.