In March, the Biden Administration released the latest guidance aimed at improving the cybersecurity practices of Federal agencies. The National Cybersecurity Strategy builds on the Executive Order for Improving the Nation's Cybersecurity that makes cybersecurity a strategic focus of every agency. This latest guidance drills further into the actions needed to ensure that government systems and citizen data are protected against the ever-evolving threat landscape.
The goal of the strategy is to "rebalance the responsibility to defend cyberspace" and "realign incentives to favor long-term investments." To do this, the responsibility for cybersecurity must be shifted to the organizations that are most capable and best-positioned to reduce risks. It points out that, "a single person's momentary lapse in judgment, use of an outdated password, or errant click on a suspicious link should not have national security consequences." While security is the responsibility of everyone, small businesses, small localities, and individuals simply do not have the resources to support the security needed to protect systems and data. Instead, the guidance proposes new incentives to favor long-term investments in security, resilience, and new technologies.
In practice, this shift in responsibility will likely mean new laws and regulations. As an early example, the administration suggests reframing ransomware as a national security threat. Doing so means it will be easier to summon a coordinated response from law enforcement to respond to attacks and threats. It will also enable more proactive disruption of these threats with increased federal oversight and resources.
The strategy is to focus on five key pillars for tactical improvement of the U.S. cyber posture:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
Responsibility and accountability are addressed across these pillars as is the need for improved information sharing around threats and cyber best practices.
GovEvents and GovWhitePapers provide access to many cybersecurity events and resources to help organizations advance national cybersecurity strategies.
- RSA Conference 2023 (April 24-27, 2023; San Francisco, CA) - With a theme of "Stronger Together," this year's RSA Conference is focused on how to build on the diverse knowledge and experience to create the next breakthrough. The show features a Public Sector Day tailored to government attendees.
- 2023 Cyber Summit (June 8, 2023; Washington, DC) - Cybersecurity experts and thought leaders will discuss the dynamic and ever-changing role of cyber across the public sector in the digital age.
- 2023 Cyber Solutions Fest (June 9, 2023; webcast) - This event brings together experts and industry leaders to discuss the latest developments and best practices in zero trust solutions, how organizations are approaching zero trust implementations, and the role of advanced technology, like AI and ML.
- Cybersecurity High-Risk Series: Challenges in Protecting Privacy and Sensitive Data Cybersecurity (white paper) - Learn what steps the Government Accountability Office (GAO) highlights in order to address the issues that the Federal government faces with cybersecurity.
- NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework (white paper) - The NIST Cybersecurity Framework (CSF) provides guidance to organizations to better understand, manage, reduce, and communicate cybersecurity risks. The CSF is being updated in an open manner with input from government, academia, and industry, through workshops, public review and comment, and other forms of engagement.
- NSA Cybersecurity 2022 Year in Review (white paper) - This year's report highlights the National Security Agency's (NSA) ability to scale cybersecurity solutions through strong partnerships, resulting in speed and agility and shares a wealth of information on cybersecurity efforts that have better equipped the U.S. to defend against the highest priority cyber threats.
Find more details on how to build a more secure future utilizing the guidelines of the National Cybersecurity Strategy. Check out additional resources on GovEvents and GovWhitePapers.
