The Biden administration has issued an implementation framework for its National Cybersecurity Strategy, detailing how the federal government plans to regulate digital security issues. The highly anticipated document lists more than 65 initiatives for executing the “five pillars” of the March 2023 U.S. National Cybersecurity Strategy, described as a “bold, affirmative vision for cyberspace.” The implementation takes a two-pronged approach: empowering capable actors who can bear more of the security responsibility, and creating incentives that facilitate investment in long-term resilience.
Acting National Cyber Director Kemba Walden called the implementation plan “a living document.” While the roadmap will be updated, it will always be at the service of the overarching White House strategy, which Walden said “is meant to be enduring and is crafted to guide policy across the decisive decade.”
The implementation “will evolve whether in response to changing threat landscapes, or as initiatives are completed and we get follow on actions,” according to CyberScoop coverage of the Wednesday press briefing.
Released Thursday, the Implementation Plan will be updated as needed with a major 2.0 release set for 2023. “Walden noted there are several aspects of the plan that are either already completed or are underway such as working to codify the Cyber Safety Review Board, the Pentagon’s updated unclassified cyber implementation plan, and the nearing completion of the anticipated national cyber workforce and education strategy,” CyberScoop writes.
Other initiatives include “the Cybersecurity and Infrastructure Security Agency updating the National Cyber Incident Response Plan, which the agency announced in January and is expected to be completed in the first quarter of fiscal year 2025,” per CyberScoop. That update will offer “clear guidance” for external partners on the government’s role and capabilities in incident response and recovery, Walden said.
Beginning this year, the plan will address the Internet of Things, with the Office of Management and Budget working with the Federal Acquisition Regulatory Council on regulatory proposals for IoT device labeling, as well as CISA support for vulnerability disclosures spanning domestic and international threats, and a State Department approach to countering ransomware crime in conjunction with international allies.
“The plan also requires the Department of Justice to increase the speed and volume of its disruption campaigns targeting cybercriminals and nation-state adversaries, and it tasks several entities across the intelligence community with leading the development of ‘a menu of options’ to coordinate and execute disruption operations,” Nextgov reports.
A major focus of the National Cybersecurity Strategy is the collaboration between government and private enterprise to fend off bad actors.