In March of 2023, the Biden-Harris administration released the National Cybersecurity Strategy. The strategy builds on existing cybersecurity legislation and executive orders with the goal of building a safer, more secure Internet for businesses and individual users alike.
In Part 1 of this series, we broke down the introduction and general goals of the strategy as well as pillar 1, which established goals to protect the nation’s critical infrastructure. Part 2 will explore pillars 2 and 3 of the National Cybersecurity Strategy, which look to effectively address and disrupt threat actors as well as further strengthen cyber resilience practices.
Pillar 2: Disrupt and Dismantle Threat Actors
This pillar focuses on creating a strategy that disrupts threat actor activities in such a way that cybercriminals no longer see malicious activities as an effective means of achieving their goals, whether those goals are monetary or nation-state driven. It includes five objectives:
- 2.1 Integrate Federal Disruption Activities: The Department of Justice (DoJ) and other law enforcement agencies have always had systems in place to partner with authorities in private industries, international allies, and other resources that can disrupt threat actor activities. The information gained from these joint investigations is often invaluable in aiding additional cybersecurity efforts. Following this model, the Department of Defense (DoD) will develop an updated departmental cyber strategy that aligns with the National Security Strategy, National Defense Strategy, and this National Cybersecurity Strategy. This new strategy will clarify how US Cyber Command and DoD components will integrate cyberspace defense efforts.
- 2.2 Enhance Public-Private Operational Collaboration to Disrupt Adversaries: Routine collaboration between private sector entities and the public sector is encouraged. This collaboration can be coordinated through one or more nonprofit organizations that can serve as hubs for operational collaboration with the federal government, such as the National Cyber-Forensics and Training Alliance (NCFTA).
- 2.3 Increase the Speed and Scale of Intelligence Sharing and Victim Notification: Timely sharing of threat intelligence greatly increases the effectiveness of disruption actions. The federal government will work in coordination with CISA, law enforcement agencies, and the Cyber Threat Intelligence Integration Center (CTIIC) to develop processes to increase the speed and scale of threat intelligence notifications to defenders and victims.
- 2.4 Prevent Abuse of US-Based Infrastructure: The federal government will work with Infrastructure-as-a-Service (IaaS) providers to identify misuse of US-based infrastructure. Service providers will share reports of misuse and malicious activities using their infrastructure with the government and make reasonable attempts to secure their environments against malicious use. Adoption of a risk-based approach to cybersecurity across IaaS providers will be prioritized to make it more difficult for adversaries to take advantage of US-based infrastructure.
- 2.5 Counter Cybercrime, Defeat Ransomware: Over 30 countries participate in the Counter-Ransomware Initiative (CRI). This initiative conducts global exercises to build resilience and launched an international counter-ransomware task force to share information regarding ransomware actors and infrastructure ransomware attacks.
Pillar 3: Shape Market Forces to Drive Security and Resilience
This pillar focuses on developing a marketplace that encourages good cyber-hygiene in the development and implementation of technology. It outlines that those who do not invest in cybersecurity have a negative impact on other organizations, with smaller businesses and less affluent areas becoming more vulnerable as a result. It contains six objectives:
- 3.1 Hold the Stewards of Data Accountable: This creates accountability for those who host data. It establishes clear limits on the collection, use, transfer, and maintenance of personal data.
- 3.2 Drive the Development of Secure IoT Devices: Many devices are sent out under default settings, which increases the risk of compromise. This objective aims to improve IoT security through research and development as well as IoT security labels that allow the protection of available products to be compared.
- 3.3 Shift Liability for Insecure Software Products and Services: This looks to shift from contractual protection of liability to a higher standard while understanding that not all vulnerabilities can be prevented. Software companies must feel free to innovate but be held accountable if they do not adequately test and minimize vulnerabilities prior to release.
- 3.4 Use Federal Grants and Other Incentives to Build in Security: Balances cybersecurity requirements for applicants with support. It drives investment in critical products and services that are secure and resilient by design.
- 3.5 Leverage Federal Procurement to Improve Accountability: Holds accountable those that put US information or systems at risk by knowingly providing deficient products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cyber incidents and breaches.
- 3.6 Explore a Federal Cyber Insurance Backstop: In the event of a large cyber incident, the federal government should stabilize the economy and aid recovery as well as assess the need for possible structures of a federal insurance response.
In Part 3 of the series, we will explore pillars 4 and 5 of the National Cybersecurity Strategy. These pillars aim to future-proof cybersecurity strategy, further improve cyber resilience, and develop strong partnerships in pursuit of shared goals.
As cybersecurity becomes increasingly critical to business continuity, staying aware of trends and building an effective strategy can seem daunting. Consider hiring a trusted partner to advise your cyber strategy and ensure your organization is protected.