On March 2, the Biden administration released its 2023 National Cybersecurity Strategy, an attempt “to secure the full benefits of a safe and secure digital ecosystem for all Americans.” The Strategy recognizes that the US government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity.
Strategy vision and pillars
This Strategy sets a roadmap to address a complex threat environment where state and non-state actors develop and execute novel campaigns. The Strategy’s vision is to secure the promise of the digital future by making the ecosystem:
- Defensible, where cyber defense is less complex, affordable for everyone, and more effective.
- Resilient by minimizing the impact of cyber incidents and errors.
- Values-aligned, where values like economic security and prosperity, respect for human rights, trust in democracy, and an equitable and diverse society shape and are reinforced by the digital world.
To meet the goals set by the Biden administration, the foundation will be a deep and enduring collaboration between stakeholders across our digital ecosystem. This Strategy seeks to build and enhance collaboration around five pillars:
1. Defend Critical Infrastructure
2. Disrupt and Dismantle Threat Actors
3. Shape Market Forces to Drive Security and Resilience
4. Invest in a Resilient Future
5. Forge International Partnerships to Pursue Shared Goals
The pillars organizing this strategy articulate a vision of shared purpose and priorities for these communities, highlight challenges they face in achieving this vision, and identify strategic objectives to organize their efforts.
Key points of the 2023 Cybersecurity Strategy
With this new National Cybersecurity Strategy, the administration focuses on securing our nation’s critical infrastructure by increasing cybersecurity regulations on the critical sectors while working with Federal and Local governing bodies to clarify the regulatory requirements.
The Strategy also calls for a stronger push to modernize Federal networks and update the policies that govern them. Collaboration between public and private organizations will be key to modernizing these networks, and expertise from the private sector, including companies like Thales, will be paramount in this initiative.
This modernization will include moving antiquated on-premises networks to cloud and multi-cloud environments, which comes with increased risks. However, this move also adds layers of updated security for these networks. Quantum computing preparedness will also be part of the new modernization, as quantum computing will become a greater risk in the near future.
This new strategy will increase the opportunity for private cybersecurity companies to work in tandem with critical markets like the Federal Government, State and Local Government agencies, Utilities, Healthcare, and Educational institutions.
Besides collaboration, businesses and CISOs must pay attention to the “security of personal data,” which is the key message of the third pillar. CISOs and other executives need to fully comprehend and have visibility into where their personal and critical data resides. This requires leaders to implement appropriate security controls that apply to data at all stages, including data at rest, in motion, or in use. Techniques that can help to enable this level of security include data encryption and centralized encryption key management, as they are globally accepted mechanisms to help minimize cybersecurity threats.
To do so, CISOs need to swiftly understand the data risks within their IT networks and infrastructure. Once they identify where their data risk is, the next step will be identifying how to protect it – leaders should consider a discover, protect, and control methodology to best secure their data.
Will the US benefit from a proactive security approach?
Biden’s National Cybersecurity Strategy is anticipated to take a more offensive approach to protecting the nation’s infrastructure as nation-states continue to target the US using increasingly intelligent methods like AI/ML, quantum computing, and more. In a rapidly evolving tech landscape, an offensive approach provides a more agile response than slow-to-pass legislation on methods like Zero Trust, which have become a necessary measure and are now considered basic insurance.
How to be first in line to comply with the new regulation
If predictions are correct, the critical infrastructure sector will face new cyber regulations deriving from the National Cybersecurity Strategy. While this may leave agencies feeling like they’re scrambling to find budget, resources, and strategies, this does not need to be the case.
If the Quantum Computing Cybersecurity Preparedness Act taught us anything, it is that the best decision is not to wait. Regulations will not demand the adoption of solutions that do not already exist, and the best way to get ahead and get federal funding is to start evaluating technology now, begin determining the necessary skill sets to implement that technology, and find trusted advisors to get you through the application process.
Those who are ready up front are more likely to receive project funding than those who lag behind. Thales can further discuss the benefits of being the first to make these investments and how working with a trusted partner who maps their solutions to requirements should help speed the process along.