The 2023 White House National Cybersecurity Strategy is this Administration’s new approach to addressing growing cyber threats to businesses, utilities, and other organizations. This strategy aims to ensure that the U.S. uses digital technology securely and safely while expanding its ability to respond quickly and fully to incidents. This means establishing best practices, improving cybersecurity infrastructure, and working closely with foreign partners. It also involves collaboration between government organizations and private companies. This post will summarize key points of the 2023 White House National Cybersecurity Strategy. Follow below to learn more.
An Overview of the 2023 White House National Cybersecurity Strategy
This year’s cybersecurity strategy can be broken down into five key “pillars.” These include “defending critical infrastructure,” “disrupting threat actors,” “shaping market forces,” “investing [in cybersecurity],” and “forging international partnerships.” Our summary will also break the report down into five separate segments. First, here’s an overview.
As the introduction notes, this strategy will help us and international partners create a defensible, resilient “digital ecosystem” that “aligns with our values.” This includes smart power grids, secure supply chains, and a “maturing IOT” that resists cyberattacks.
To achieve the Biden Administration’s goals, this strategy considers an increasingly complex threat environment. As many threat actors are anonymous but thought to be based overseas, the plan identifies a need to foster relationships with other nations who share those goals.
Of course, this strategy also considers the cost of improving cybersecurity management across all levels of Administration and business. We must increase research, establish standards and policies, and create a multidisciplinary action plan to drive improvement. In addition, we must hold those who do not meet the required standard accountable.
The plan underscores that every individual has a role in ensuring cybersecurity. Biden’s Administration argues that we must create an environment where everyone understands their responsibility, including businesses, individuals, and state governments. By doing so, we can develop a way forward that will enable us to manage and reduce cybersecurity risks in the future. However, the Administration also shifts responsibility, placing the onus on industry leaders and data collectors instead of consumers.
Trends Identified by the Biden Administration
The report identifies recent changes in how individuals, companies, and governments utilize our evolving digital world. Our work and social lives are increasingly remote and interconnected – often crossing international borders and time zones. The Administration argues that while technology is rapidly advancing to enable this interconnectedness, it does so without appropriate infrastructure.
Our reliance on the digital world has made many individuals, businesses, and government agencies more insecure and less protected against malicious attacks. Lack of education and training leaves government employees, business owners, consumers, and even I.T. professionals vulnerable.
With so many “essential systems [moving] online,” our utilities, hospitals, schools, and other infrastructure could be compromised during a cyberattack. As the many technologies that support and move our society forward have evolved, so have the tools and strategies available to cyber criminals. The Administration’s report notes that state-sponsored ransomware and phishing attacks have skyrocketed in recent years.
They attribute such widespread attacks to the relative ease and affordability of commissioning malicious actors today compared to a decade ago. The Administration identifies the Chinese, Russian, Iranian, and North Korean governments as particularly concerning agents. All have invested significant resources in cybercrime and espionage over the last few years.
In response to these growing threats, the Administration argues that “industry and government” must work together to “defend our shared digital ecosystem.” The government will set the cybersecurity standards private companies must meet while protecting our systems and enforcing legislation.
Key Points from the White House Cybersecurity Plan
Below, we outline critical points from each “pillar” or chapter of the 2023 White House National Cybersecurity Strategy.
Pillar One: Defending Critical Infrastructure
The Biden Administration reiterates its earlier claim that government and private industry must work together closely to close gaps in our nation’s cybersecurity. It also emphasizes better communication between local, state, and federal agencies. Consistent standards are also needed – as the methods by which sensitive data are protected vary wildly from one agency to the next.
Governments need to do more than just pass legislation that requires more robust cybersecurity in the private sector. They must also reinforce their systems. To do this, they must modernize existing cybersecurity infrastructure by implementing zero trust architecture. According to the report, this architecture includes encrypting data, updating user access permissions, and employing multi-factor authentication.
Regarding regulation, the Administration argues that both the government and the private sector should influence best practices. Again, government agencies should lead by example. They must match or exceed their own standards. Those standards should be “agile enough” to respond to an ever-changing digital ecosystem.
Government agencies must work closely with industry leaders to create a cybersecurity framework that flexes as new threats emerge. The collaboration will be coordinated in part by Federal Cybersecurity Centers.
Pillar Two: Disrupting and Dismantling Threat Actors
The Administration will attempt to rid the world of cyber criminals who target individual citizens and seek to destabilize the U.S. as a nation. By working with key international partners, gathering intelligence, and employing law enforcement where necessary, the Biden Administration hopes to prevent future attacks.
Of course, neither the private sector nor the government can prevent all cyberattacks. As such, we must work to minimize consequences when attacks do occur. This involves enabling fast and accurate sharing of information.
The Biden Administration argues that we must improve information sharing between government agencies and between our government and the private sector. With all parties well-informed, response to an attack can be coordinated quickly and effectively.
Pillar Three: Driving Security and Resilience by Shaping Market Forces
In Pillar Three, the Biden Administration argues that responsibility must shift from individuals to the “stewards of our data.” Instead of placing the onus on consumers, those benefitting from wide-scale data collection must implement appropriate cybersecurity measures. This – the Administration argues – will “make our digital ecosystem more worthy of trust.”
On one hand, the government will finance cybersecurity research that enables private companies to better protect sensitive consumer data. On the other hand, it will penalize companies that choose to bring insecure products or systems to market. Rather than holding consumers responsible for choosing secure products and systems, the government will hold manufacturers responsible for releasing those products and systems.
The government will prioritize private sector partners who meet or exceed standards set by the government when issuing grants or awarding contracts.
Pillar Four: Investing in a More Resilient Future
In Pillar Four, the Biden Administration calls for both the government and private sector to invest more resources in cybersecurity. It acknowledges that “our digital ecosystem [is a product] of sustained and mutually-supporting investments by both public and private sector entities.” However, the Administration argues that our investment has lagged behind the mounting “threats and challenges we face.”
Upcoming research and development funded by the Federal Government will focus on “artificial intelligence,” “clean energy,” “critical infrastructure control systems,” and more. Each project will make critical infrastructure more resilient by identifying vulnerabilities and recognizing attack vectors long before reaping the consequences of a cyberattack. These strategic investments will also help improve communication between key partners while enhancing trust between those partners and the public.
After all, our rapidly evolving world demands agile cybersecurity strategies informed by the latest research.
Pillar Five: Forging International Partnerships to Pursue Shared Goals
To enhance global and national security, the Administration plans to work with international partners who share its goal of creating a law-abiding digital world. In doing so, the Biden Administration hopes to dissuade bad actors from weaponizing the technology described above.
Last year, the Administration began by launching the Declaration for the Future of the Internet (DFI) alongside sixty other nations. The overarching intention of this “diverse coalition” is to jointly craft an “open, free, global, interoperable, reliable and secure digital future.” At the same time, the coalition hopes to defend critical infrastructure and reduce cyber risk.
Countries within the DFI have created their own regional partnerships – designed to encourage R&D, coordinate business agreements and enhance information sharing. The U.S. and other nations within the DFI hope that such partnerships will help protect against foreign state-sponsored cyber attacks. They will do so in part by denying access to those who behave badly.
Providing these partners with much-needed support before and in the aftermath of attacks does more than help other countries protect their critical infrastructure. The Administration argues that it also “advances U.S. foreign policy and cybersecurity goals.”
We are becoming more interconnected and interdependent every day. A cyberattack aimed at our critical infrastructure—or that of partner nations—could cripple the global economy.
As such, a more resilient digital world serves us all. We hope that the Biden Administration’s multi-pronged approach to cybersecurity will support a more secure environment for everyone.