Cybersecurity

Summary of the 2023 National Cybersecurity Strategy: Part 3

Part 3 of 3 outlining the Biden-Harris administration’s new cybersecurity strategy.

Rex Johnson professional photo

Rex Johnson

Executive Director, Cybersecurity

Headshot of Annie Liao

Annie Liao

Sr. Consultant, Cybersecurity

banner image

In March of 2023, the Biden-Harris administration released the National Cybersecurity Strategy. The strategy aims to further strengthen US cybersecurity, forge strong partnerships with private and public organizations, and better plan for the future.

In Part 1 of this series, we broke down the introduction and general goals of the strategy as well as pillar 1, which established goals to protect the nation’s critical infrastructure. In Part 2, we explored pillars 2 and 3 of the strategy, which look to effectively address and disrupt threat actors as well as further strengthen cyber resilience practices. The third and final iteration of this series will explore pillars 4 and 5 and the implementation goals of the strategy. These sections outline goals for future resilience and strong partnerships in pursuit of shared cybersecurity strength.

Pillar 4: Invest in a Resilient Future

This pillar focuses on building the foundations for a resilient and secure cybersecurity future. It emphasizes the importance of building out the Internet as a whole ecosystem, a focus on research and development, and an investment into training the next generation of the cyber workforce. This pillar has 6 objectives:

  • 4.1 Secure the Technical Foundation of the Internet: The Internet is a critical part of the foundation for a digital world, but there are many aspects of this ecosystem that are inherently vulnerable. The federal government will ensure that its networks have appropriate security measures in place to mitigate these risks and vulnerabilities. The US will partner with industry experts in both the public and private sectors and international allies by supporting non-governmental Standards Developing Organizations (SDOs).
  • 4.2 Reinvigorate Federal Research and Development for Cybersecurity: The Federal Cybersecurity Research and Development Strategic Plan will be updated to proactively prevent and mitigate cybersecurity risks in existing and new technologies.
  • 4.3 Prepare for Our Post-Quantum Future: To counter the use of quantum computing to break current cryptographic techniques, efforts for encryption are directed to focus on quantum-resistant cryptography.
  • 4.4 Secure Our Clean Energy Future: This section focuses on investing in new energy infrastructure. The US will build in cybersecurity throughout the development of new energy infrastructure through the implementation of the National Cyber-Informed Engineering Strategy.
  • 4.5 Support Development of a Digital Identify Ecosystem: This section focuses on developing digital identity policies, technologies, and verifiable digital identity solutions. These capabilities will enhance individuals’ identity protection and prevent fraud. The digital identity policies will promote improved transparency and accountability in the use of an individual’s data.
  • 4.6 Develop a National Strategy to Strengthen Our Cyber Workforce: The Office of National Cyber Director (ONCD) will develop and oversee the implementation of a National Cyber Workforce and Education Strategy. This strategy focuses on addressing the issues of the cyber workforce gap through the investment in recruitment and training of the next generation of cybersecurity professionals. It will also focus on tackling the lack of diversity within the current cyber workforce and acknowledges that women, people of color, first-generation professionals, people with disabilities, and LGBTQ+ individuals are underrepresented. This is potentially an untapped pool of talent that can help close the cyber workforce gap.

Pillar 5: Forge International Partnership to Pursue Shared Goals

The final pillar seeks to bring together a global initiative to maintain a free, reliable, and secure Internet. It aims to respond to threats and digital repression, punishing the actors who engage in disruptive, destructive, and destabilizing actions. This final pillar has a total of 5 objectives:

  • 5.1 Build Coalitions to Counter Threats to our Digital Ecosystem: This objective builds on the US and 60 other countries’ Declaration for the Future of the Internet (DFI). It references a number of other initiatives such as the Quadrilateral Security Dialogue (“the Quad”), The Indo-Pacific Economic Framework for Prosperity (IPEF), and Americas Partnership for Economic Prosperity (APEP) for the development of technical standards and mechanisms to enable secure cross-border data flows. It also references other partnerships such as the US-EU Trade and Technology Council (TTC) and the Australia/United Kingdom/United States Partnership (AUKUS) to secure critical technologies, improve cyber coordination, and share advanced capabilities.
  • 5.2 Strengthen International Partner Capacity: This section focuses on building a coalition for shared cybersecurity priorities and vision amongst global partners. It includes enabling allies and securing critical infrastructure, as well as pooling experts from the public and private sectors to build a more robust partnership and resiliency to cybercrime.
  • 5.3 Expand US Ability to Assist Allies and Partners: Provides support to assist partner nations with recovery and counter adversary actions. This allows partner nations to support each other more effectively and efficiently in response to significant malicious cyber activities.
  • 5.4 Build Coalitions to Reinforce Global Norms of Responsible State Behavior: Seeks to pool cooperation for providing standard and acceptable behaviors in cyberspace and upholding international law. It outlines the importance of refraining from cyber operations that would intentionally damage critical infrastructure and holding irresponsible states accountable when they fail to uphold their commitments.
  • 5.5 Secure Global Supply Chains for Information, Communications, and Operational Technology Products and Services: Outlines the initiative to work with partner countries in cross-border supply chain risk management. It also reinforces the CHIPS and Science Act to improve domestic manufacturing, along with the implementation of EO 13873, “Securing the Information and Communications Technology and Services Supply Chain” and EO 14034 “Protecting Americans’ Sensitive Data from Foreign Adversaries” to prevent unacceptable and undue risks and influence from adversarial governments.

Implementation

The strategy concludes with Implementation, which includes assessing the effectiveness of the strategy, incorporating lessons learned, and committing to making the investment.

As the US and partner nations look to provide a more safe, secure, and robust Internet, they will continuously be faced with threats from malicious actors and those who wish to exploit others. It is important to note that no individual or business needs to go this alone. Selecting the right partners and advisors will help organizations be more prepared and resilient against these ongoing risks.

Summary of the 2023 National Cybersecurity Strategy

Related resources

Webinar On-Demand

New talent, proven procedures

Recorded LinkedIn Live event with CAI: Finding the right talent and implementing proven procedures are the first critical steps to improving your cybersecurity posture.

View this resource →
Article

How local governments can get ahead of their threat opponents

Read our expert opinion on cyberattacks and concerned cybersecurity measures in conversation with the Center for Digital Government.

View this resource →
Service

Cybersecurity

Flexible and inclusive cybersecurity defense suite for organizations of any size

View this resource →

Let's talk!

Interested in learning more? We'd love to connect and discuss the impact CAI could have on your organization.

All fields marked with * are required.
Please correct all errors below.
Please agree to our terms and conditions to continue.

For information about our collection and use of your personal information, our privacy and security practices and your data protection rights, please see our privacy policy and corresponding cookie policy.