Understanding Pillar One of the National Cybersecurity Strategy: Defend Critical Infrastructure

The Biden-Harris Administration recently unveiled the National Cybersecurity Strategy in response to the growing interconnectedness of the digital world and the increasing complexity of software systems. This strategy aims to guarantee a secure and safe digital ecosystem for all Americans to utilize and benefit from. Digital connectivity now permeates almost every aspect of our lives, linking personal and professional spheres as well as bridging the gap between digital and physical realms. As nation-states and malicious actors continue to launch cyberattacks, the government is committed to transforming its approach to addressing these persistent threats by ensuring our digital ecosystem is robust, resilient, and consistent with our core values.

While the administration has already taken significant steps towards these goals, the new approach focuses on five pillars where we can build and enhance collaboration: defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships to pursue shared goals. All of these pillars are essential, and by beginning with the defense of critical infrastructure we can reassure the American people of the dedication to protecting these sixteen sectors and the essential services they provide.

Defend Critical Infrastructure

We must establish cybersecurity requirements (Objective 1.1) to support national security and public safety. This strategy may result in more regulations in critical sectors that align with existing regulations in other areas. While not all sectors require the same cybersecurity requirements, ensuring that the regulations are consistent and predictable can reduce the burden of compliance. The goal of existing and new regulations is to encourage and require better cybersecurity practices at scale. Further, the cybersecurity requirements should prioritize key technologies that demonstrate effectiveness based on proven data – such as Deep Content Disarm and Reconstruction (Deep CDR) to eliminate cyber threats and ensure a comprehensive and reliable approach to cybersecurity – rather than focusing on how well cybersecurity companies market their solutions.

Scale is critical to this strategy, as is collaboration (Objective 1.2). To effectively address advanced threats at scale, there must be greater public-private collaboration. As the strategy document outlines, the “Shields Up” campaign related to Russia’s war on Ukraine increased preparedness and promoted effective measures to combat malicious activities. Future efforts must replicate this collaboration and include international allies and civilians to invest in a more resilient future, one that is not reliant on the constant vigilance of small organizations and individual citizens. Private sector entities collaborating closely with federal agencies can enable a more rapid and coordinated response to minimize the impact of attacks on critical infrastructure or, preferably, even prevent attacks. I hope the collaboration will be open, cooperative, and prioritize American companies to foster growth and innovation within the country.

There are already multiple departments and agencies responsible for supporting the defense of critical infrastructure. The new strategy intends to integrate federal cybersecurity centers (Objective 1.3), creating collaborative nodes to drive intragovernmental coordination. The Joint Cyber Defense Collaborative (JCDC) at CISA is a first step in achieving this goal by integrating cyber defense planning and operations. JCDC does this across the Federal Government and in collaboration with international partners and the private sector. While there is more work to be done, these centers enable more opportunities for collaboration and allow the centers to share timely, relevant, and actionable information with private sector partners. To be most effective, we hope the federal government will disclose the goals, metrics, and non-confidential and non-sensitive activity of these centers.

While the private sector is often able to mitigate cyber incidents without federal assistance, the new goal is to provide a unified response when needed. This means an update to federal incident plans and processes (Objective 1.4), so that organizations know which government agency to contact when they are targeted by cyber threats. Organizations must also know what form of support to expect from the federal government. To that end, CISA is leading a process to update the National Cyber Incident Response Plan (NCIRP) in a drive to strengthen processes, procedures, and systems. The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires that covered cyber incidents be reported to CISA within hours for covered entities in critical infrastructure. This rapid notification accelerates identification of the cause of incidents and assists with making rapid, informed decisions. Overall, this is a commendable initiative, but I hope that some key aspects of the reported cyber incidents can be disclosed so that we can learn how to prevent threats. This approach would allow us to shift from the typical cycle of detection and response to a more proactive mindset focused on prevention.

Finally, the strategy aims to modernize federal defenses (Objective 1.5). The federal government relies on communications, resilient and secure information, and operational technology and services to perform its duties. In this complex digital environment, federal government systems must be modernized to ensure their networks are both resilient and defensible. Part of these modernization efforts includes applying zero trust principles to counter threats inside and outside of traditional network boundaries. It's a fantastic initiative, and I hope it will incorporate technologies like Deep CDR and country of origin assessment, and ensure that the zero-trust approach goes beyond merely replacing VPNs to create a more comprehensive and robust cybersecurity strategy.

Zero Trust in Private and Public Sectors

By making its own systems more defensible and resilient, the federal government can ensure a more effective defense of critical infrastructure. This begins with a zero-trust architecture strategy while also modernizing IT and OT infrastructure. A zero-trust approach moves defenses from network-based perimeters to one based on resources, users, and assets. Supply chains, including the software supply chain, must also adopt zero trust principles and assume no implicit trust based on physical or network location.

This approach focuses more on preventing attacks by ensuring that both authentication and authorization occur before establishing a connection to protected data or systems. As software has become increasingly complex and interconnected, cybersecurity must encompass the new reality of remote users, bring-your-own-device (BYOD) trends, and access to cloud-based assets. While the approach focuses more heavily on prevention than detection, part of the goal of this strategy is to increase overall cyber resiliency and reliability – even when an attempted attack does occur.

All these initiatives rely on developing a competent cyber workforce to test, secure, analyze, and modernize our national cybersecurity. While protecting data and ensuring the reliability of critical systems is the responsibility of the owners and operators of those systems, collaboration across technology providers, critical infrastructure systems, and federal agencies can help us hold our data securely and ensure that we operate as a free and interconnected society.

Want to learn more about how OPSWAT protects critical infrastructure? Please contact one of our cybersecurity experts.
