The White House published a comprehensive National Cyber Strategy detailing how the Trump administration aims to improve cybersecurity in government, critical infrastructure and the private sector, as well as to tackle cybercrime and international issues.
The National Cyber Strategy builds upon the cybersecurity executive order signed in May 2017 and the subsequent security audit reports submitted by federal agencies. The White House claims this is “the first fully articulated National Cyber Strategy released in 15 years.” However, Bryson Bort,
“A Cybersecurity Sprint in response to the OMB compromise was enacted [in 2015] to attempt to immediately shore up federal networks, but this dragged on and very little was accomplished. The [Cybersecurity Strategy and Implementation Plan] was released to
The 26-page document was broken up into four main “pillars” covering topics in cybersecurity and cybercrime, fostering the digital economy and workforce, cyber deterrence, and international governance.
The first pillar included goals to improve cybersecurity in the federal supply chain, among third-party contractors, which have been at the root of multiple government leaks, and in critical infrastructure, as well as to improve incident reporting and the apprehension of cybercriminals.
“The Administration will clarify the roles and responsibilities of federal agencies and the expectations on the private sector related to cybersecurity risk management and incident response,” the White House wrote in the National Cyber Strategy. “Clarity will enable proactive risk management that comprehensively addresses threats, vulnerabilities, and consequences. It will also identify and bridge existing gaps in responsibilities and coordination among federal and non-federal incident response efforts and promote more routine training, exercises, and coordination.”
Bort noted the Strategy also plans to give the Department of Homeland Security (DHS) more responsibility for federal civilian cybersecurity, a move which might render the currently vacant role of federal CISO “obsolete.”
“The biggest item on there in terms of lift was something I haven’t seen commented on elsewhere. They want to create a federal civilian Defense Information Systems Agency equivalent,” Bort wrote. “DHS will deliver ‘shared services and infrastructure’ for all non-Department of Defense and Intelligence Community agencies. Ironically, DISA may be getting disbanded on the DOD side.”
The White House wrote that the DHS should have “appropriate access to agency information systems for cybersecurity purposes and can take and direct action to safeguard systems from the spectrum of risks” and have “appropriate visibility into those services and infrastructure to improve United States cybersecurity posture.”
The second pillar of the National Cyber Strategy pushed goals to invest in
The third and fourth pillars of the National Cyber Strategy concerned international cyber norms for “responsible state behavior,” protecting internet freedom and interoperable communication infrastructure, promoting a “multi-stakeholder model of internet governance,” and building a “Cyber Deterrence Initiative.”
“The imposition of consequences will be more impactful and send a stronger message if it is carried out in concert with a broader coalition of like-minded states. The United States will launch an international Cyber Deterrence Initiative to build such a coalition and develop tailored strategies to ensure adversaries understand the consequences of their malicious cyber behavior,” the White House wrote. “The United States will work with like-minded states to coordinate and support each other’s responses to significant malicious cyber incidents, including through intelligence sharing, buttressing of attribution claims, public statements of support for responsive actions taken, and
Reactions to the National Cyber Strategy
Gregory Touhill, president of Cyxtera Federal Group and former federal CISO, had praise for the National Cyber Strategy.
“The new National Cyber Strategy is a great step forward and demonstrates a thoughtful interagency approach to protecting national prosperity and security in our information-enabled world,” Touhill wrote via email. “It builds upon the lessons learned from previous administrations and presents a solid approach to managing cyber risk.”
Bort said the National Cyber Strategy was “the most comprehensive cybersecurity strategy document ever published.”
“It firmly states a vision of the United States as ensuring a secure internet by cooperation or force. It reads like a response to former NSA Director Admiral Mike Rogers’ February Congressional testimony where he acknowledged current constraints in responding to the active threat landscape the U.S. faces,” Bort wrote. “The message appears to be: you will see an American Flag planted on your scorched computers.”
Pravin Kothari, CEO of cloud security vendor CipherCloud, based in San Jose, Calif., said the Strategy “is a good step forward,” but added that “the details count.”