On Thursday, March 2nd, the Biden administration outlined how it will reimagine national cybersecurity, announcing a clear vision for protecting national security, public safety, and economic prosperity.
The National Cybersecurity Strategy aims to create a secure digital ecosystem for all Americans. To accomplish this, the Strategy contends, the US must change how it assigns cyberspace roles, responsibilities, and resources.
The administration outlined the need to rebalance the responsibility of defending cyber threats from individuals, small businesses, and government organizations and to shift responsibility to software developers, vendors, and critical infrastructure operators.
The document also articulated the importance of working proactively and strategically to defend against current threats and ensure future resilient operations.
The vision proposes multiple solutions to accomplish this, including establishing minimum security requirements to safeguard the future of both private and public companies. Currently, these responsibilities have been optional, with a limited effect on a national scale.
The Whitehouse has yet to announce regulatory details. Still, there is a consensus that they should be guided by existing cybersecurity standards and guidance, such as the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity and the Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Performance Goals.
"[The strategy] takes on the systemic challenge that too much of the responsibility for cybersecurity has fallen on individual users and small users," President Biden wrote in the introduction to his new plan. "By working in partnership with industry, civil society, and State, local, Tribal, and territorial governments, we will rebalance the responsibility for cybersecurity to be more effective and equitable."
Calls for coordinated, proactive protection align with OTORIO’s mission to proactively manage cyber risks and ensure resilient operations by leveraging existing tools within a technology-enabled ecosystem.
"As we increasingly rely on interconnected systems to run our critical infrastructure, the importance of ICS security and OT security cannot be overstated. The consequences of a cyber attack on these systems can be catastrophic, causing not only significant financial losses but also posing a threat to public safety and national security. It's essential that we prioritize the protection of these systems and implement robust security measures to safeguard against potential threats." said Danny Bren, CEO & Co. Founder
Taking control of security posture
The cybersecurity world is rapidly evolving. The threat environment is complex, with both state and non-state actors developing and executing novel campaigns to threaten American interests. To counter those threats, next-generation technologies like OTORIO’s RAM² are reaching maturity at an accelerating pace. This creates new pathways for innovation while increasing digital interdependencies.
The National Cybersecurity Strategy offers a framework to address current and future threats by working with allies and partners to make its digital ecosystem defensible, resilient, and value-aligned. As a result, cyber-defense should become more manageable, more effective, and cheaper; with cyber incidents and errors having a less widespread or lasting impact.
Below is a summary of how the new national cyber security policy will build and enhance this collaboration:
Defend critical infrastructure and essential services – To ensure the availability and resilience of critical infrastructure and essential services, the Strategy proposes expanding minimum cybersecurity requirements in critical sectors, enabling public-private collaboration, and modernizing Federal networks and incident response policy.
National tools to disrupt and dismantle threat actors – The government will develop a comprehensive federal approach to safeguard national security and public safety against malicious cyber actors by involving international partnerships, strategic use of national power, and collaboration with the private sector to disrupt malicious activities and address issues like ransomware threats.
Shape market forces to drive security and resilience – To ensure a trustworthy digital ecosystem, the new strategy aims to reduce risk by placing cybersecurity responsibility on those best positioned to do so. This liability includes promoting privacy and security of personal data, shifting liability for software products and services, and ensuring federal grant programs promote secure and resilient infrastructure investments.
Invest in a resilient future with next-generation technologies – The United States will lead the world in innovating secure and resilient next-generation technologies and infrastructure. This will require a reduction in systemic technical vulnerabilities, prioritizing cybersecurity R&D, and developing a diverse, robust national cyber workforce.
Pursue shared goals with international partnerships – The United States will work with like-minded nations to counter threats to the digital ecosystem through joint preparedness, response, and cost imposition. The Strategy aims to increase the capacity of partners to defend themselves against cyber threats and make secure, reliable, and trustworthy global supply chains for information and communications technology, as well as operational technology products and services.
Read the Whitehouse policy document here: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
In this Smart Industry article, OTORIO CEO Daniel Bren outlines a blueprint for defending critical infrastructure for private companies.