In Oct. 2022, the administration published an outline of this strategy, which follows other steps to strengthen U.S. cybersecurity, like implementing zero-trust frameworks and boosting the nation’s quantum readiness. According to the White House, the U.S. National Cybersecurity Strategy will be based on five pillars; defending critical infrastructure, fighting cyber adversaries, shaping market forces to drive security and resilience, investing in next-generation technologies, and creating international partnerships to pursue shared goals.
Shifting Security Responsibility to Organizations
One of the key visions of the U.S. National Cybersecurity Strategy is to shift the responsibility for cybersecurity from small businesses, individuals, and local governments “onto the organizations that are most capable and best-positioned to reduce risks for all of us.” “By working in partnership with industry; civil society; and State, local, Tribal, and territorial governments, we will rebalance the responsibility for cybersecurity to be more effective and more equitable,” the White House said. The Director of the Cybersecurity and Infrastructure Agency (CISA), Jen Easterly, echoed these same points while speaking at Carnegie Mellon University on Monday, explaining that most technology products are “dangerous-by-design.” Easterly urged manufacturers and developers to create “secure by design” or “secure-by-default” products as unsafe tech products enable cyber-intrusions from adversaries like Russia and China. The White House also highlighted the importance of realigning incentives to support long-term investments and “striking a careful balance” between self-defense and investing in a resilient future.
Ransomware is a ‘National Security Threat’
The National Cybersecurity Strategy described ransomware as a national security threat. The 2022 Allianz Risk Barometer also singled out ransomware as a global concern. According to the White House, China is “the broadest, most active, and most persistent threat” by far, but threat actors from other “safe havens,” like Iran and North Korea, should not be taken lightly. “The National Cybersecurity Strategy highlights the importance of the National Security Agency’s foreign signals intelligence and cybersecurity missions to national-level cybersecurity, recognizes the successes of the Cybersecurity Collaboration Center (CCC), and the Director of NSA’s role as the National Manager for National Security Systems,” a spokesperson for the National Security Agency (NSA) told VPNOverview. “NSA’s Cybersecurity Collaboration Center has been highly effective at disrupting adversary activity through partnerships. The CCC will continue to build and leverage these partnerships within the Defense Industrial Base ecosystem to provide cybersecurity at scale through operational collaboration and bidirectional threat sharing,” the spokesperson added. The U.S. National Cybersecurity Strategy comes in the wake of several major cyber-intrusions, most notably the 2021 colonial pipeline attack and the Solar Winds cyber-breach that went undetected for years. “As I have often said, our world is at an inflection point. That includes our digital world. The steps we take and the choices we make today will determine the direction of our world for decades to come. This is particularly true as we develop and enforce rules and norms for conduct in cyberspace. We must ensure the Internet remains open, free, global, interoperable, reliable, and secure — anchored in universal values that respect human rights and fundamental freedoms,” President Joe Biden said. As threats continue to evolve and threaten the global digital landscape, new cybersecurity approaches, like utilizing the power of artificial intelligence, will increasingly become necessary.